halloverden / symfony-security-bundle
Bundle for halloverden/symfony-security
Installs: 1 370
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 4
Forks: 0
Open Issues: 2
Type:symfony-bundle
Requires
- php: >=7.2
- halloverden/symfony-security: ^3.0.0
- symfony/dependency-injection: ^v4.4.13|^5.1.5
- symfony/event-dispatcher: ^v4.4.13|^5.1.5
- symfony/framework-bundle: ^v4.4.13|^5.1.5
- symfony/http-kernel: ^v4.4.13|^5.1.5
- symfony/security-bundle: ^v4.4.13|^5.1.5
Requires (Dev)
- symfony/validator: ^v4.4.13|^v5.1.5
- dev-master
- 3.1.0
- 3.0.1
- 3.0.0
- 2.1.0
- 2.0.1
- 2.0.0
- 1.3.0
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.1
- 1.0.0
- dev-dependabot/composer/symfony/http-kernel-5.4.20
- dev-dependabot/composer/symfony/security-bundle-5.4.20
- dev-feature/upgrade-to-symfony-security-4
- dev-feature/access-definition-metadata-expression
- dev-feature/access-defintion-service-in-base-voter
- dev-feature/symfony-security-access-definable-filters
- dev-docs/readme
This package is auto-updated.
Last update: 2024-10-30 01:59:32 UTC
README
Installation
Make sure Composer is installed globally, as explained in the installation chapter of the Composer documentation.
Applications that use Symfony Flex
Open a command console, enter your project directory and execute:
$ composer require halloverden/symfony-security-bundle
Applications that don't use Symfony Flex
Step 1: Download the Bundle
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
$ composer require alloverden/symfony-security-bundle
Step 2: Enable the Bundle
Then, enable the bundle by adding it to the list of registered bundles
in the config/bundles.php file of your project:
// config/bundles.php return [ // ... HalloVerden\SecurityBundle\HalloVerdenSecurityBundle::class => ['all' => true], ];
Authenticators
Authenticators can be used to allow authentication with an access token from your OpenID provider.
- Create a class that implements
HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface - Enable authenticators and the class you want to use as services
HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface: class: App\Services\OauthUserProviderService # Your class HalloVerden\Security\AccessTokenAuthenticator: ~ HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
- Add authenticators to your security config.
guard: authenticators: - HalloVerden\Security\AccessTokenAuthenticator entry_point: HalloVerden\Security\AccessTokenAuthenticator
- You also need services that implements
HalloVerden\Security\Interfaces\OauthTokenProviderServiceInterfaceandHalloVerden\Security\Interfaces\OauthJwkSetProviderServiceInterface( this can be skipped when using halloverden/symfony-oidc-client-bundle )
Access Definitions
Create a yaml file for each entity that needs to have a access definition. Example:
App\Entity\Requests\TestRequest: canCreate: roles: - 'ROLE_ADMIN' scopes: - 'system.create:test-request' canRead: roles: - 'ROLE_ADMIN' scopes: - 'system.read:test-request' canUpdate: roles: - 'ROLE_ADMIN' scopes: - 'system.update:test-request' canDelete: roles: - 'ROLE_ADMIN' scopes: - 'system.delete:test-request' properties: test: canRead: roles: - 'ROLE_USER' scopes: - 'system.read:test-request.test' canWrite: roles: - 'ROLE_USER' scopes: - 'system.write:test-request.test' yoo: canWrite: roles: - 'ROLE_USER'
Add the path for this access definition in the config file:
hallo_verden_security: access_definitions: dirs: App\Entity\Requests: '%kernel.project_dir%/config/access_definitions/requests'
You can use AccessDefinableExclusionStrategy to skip properties the user does not have access too on serializing the deserializing.
There is also the HasAccess validator constraint that can check if user have access to specific property.
In any other case you can use AccessDefinitionService to check access for specific class/property.