galmi / xacmlbundle
XACML Bundle
Installs: 8
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 1
Type:symfony-bundle
Requires
- php: >=5.5.0
- galmi/xacml: dev-master
Requires (Dev)
- codeclimate/php-test-reporter: ^0.2.0
- doctrine/doctrine-bundle: ~1.4
- doctrine/doctrine-fixtures-bundle: ^2.3
- phpunit/phpunit: 4.8.*
This package is not auto-updated.
Last update: 2024-11-13 19:30:24 UTC
README
GalmiXacmlBundle
The GalmiXacmlBundle adds support for ABAC (Attribute Based Access Control) based on eXtensible Access Control Markup Language (XACML) Version 3.0 OASIS Standard.
Features include:
- Policies can be stored via Doctrine ORM
- Unit tested
Installation
Step 1: Download the Bundle
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
$ composer require galmi/xacmlbundle "dev-master"
This command requires you to have Composer installed globally, as explained in the installation chapter of the Composer documentation.
Step 2: Enable the Bundle
Then, enable the bundle by adding it to the list of registered bundles
in the app/AppKernel.php file of your project:
<?php // app/AppKernel.php // ... class AppKernel extends Kernel { public function registerBundles() { $bundles = array( // ... new Galmi\XacmlBundle\GalmiXacmlBundle(), ); // ... } // ... }
Using with default configuration
With default configuration it is Permit to all resources and actions if it is not denied.
You must determine Resource for each action. You can add Annotation for your actions.
<?php namespace AppBundle\Controller; // ... use Galmi\XacmlBundle\Annotations\XacmlResource; class CustomerController extends Controller { /** * @XacmlResource(entity="AppBundle\Entity\Customer", id="id") */ public function editAction(Request $request) { // ... } }
This annotation determine resource class "AppBundle\Entity\Customer" with identifier key "id" in request (_GET, _POST).
Customization
Configure Default Decision
Default decision is determine the result of request if rules was not matched. Default value is "Permit". It's mean that user will restrict access to all requests if all rules is not match request. Default decision value allowed "Permit" or "Deny".
# config/parameters.yml parameters: galmi_xacml.default_decision: Permit
If you using xml configuration, you can use constant PERMIT or DENY of class Galmi\Xacml\Decision.
<!-- config/services.xml --> <container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> <parameters> <parameter key="galmi_xacml.default_decision" type="constant">Galmi\Xacml\Decision::PERMIT</parameter> </parameters> </container
Configure Default Combining Algorithm
If you have multiple top level Policy sets or Policies, Policy Decision Point must determine only one decision "Permit" or "Allow". For this case you can use Combining Algorithm. Default value is "\Galmi\Xacml\CombiningAlgorithmRegistry::FIRST_APPLICABLE" it means that first evaluated Policy set or Policy is the result of PDP.
# config/parameters.yml parameters: galmi_xacml.default_combining_algorithm: "first-applicable"
If you using xml configuration, you can use constants of class Galmi\Xacml\CombiningAlgorithmRegistry.
<!-- config/services.xml --> <container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> <parameters> <parameter key="galmi_xacml.default_combining_algorithm" type="constant">\Galmi\Xacml\CombiningAlgorithmRegistry::FIRST_APPLICABLE</parameter> </parameters> </container