The security component tackles the complex problems of authentication and authorization by spreading concerns across a number of single responsibility objects. This is a flexible design, but difficult for beginners to navigate. This presentation will bring the security component to life for us all to understand! Join us to see some of your favorite members of the Symfony community perform the security component in a series of scenes, interspliced with some technical descriptions of what's going on.
9. “…the current implementation of the Security Component is … not easily accessible”
http://www.testically.org/2011/03/14/why-i-gave-up-on-the-symfony2-security-component/
10. “I would rather see Symfony2 postponed again or the Security Component removed … I don’t think it is even near of being usable to the community outside the core.”
http://www.testically.org/2011/03/14/why-i-gave-up-on-the-symfony2-security-component/
11. “The past few days I have really be struggling with the Symfony2 security component. It is the most complex component of Symfony2 if you ask me!”
http://blog.vandenbrand.org/2012/06/19/symfony2-authentication-provider-authenticate-against-webservice/
12. “(I’m) wondering if I should just work around rather than work with the framework”
https://groups.google.com/forum/#!msg/symfony2/AZpgbEk4Src/73P99zOmq2YJ
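27.
    use Symfony\Component\HttpFoundation\Response;

    class PickyFirewall
    {
        public function handle($event)
        {
            $request = $event->getRequest();
            // null when the client sent no HTTP basic auth credentials
            $user = $request->headers->get('PHP_AUTH_USER');
            // only names that start with "Q"
            if (is_string($user) && 0 === strpos($user, 'Q')) return;
            // everyone else, including anonymous requests, is rejected
            $event->setResponse(new Response('go away', 401));
        }
    }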
30.
    class Firewall
    {
        public $listeners = array();

        public function handle($event)
        {
            foreach ($this->listeners as $listener) {
                $listener->handle($event);
                // the first listener to set a response ends the chain
                if ($event->hasResponse()) return;
            }
        }
    }
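33.
    use Symfony\Component\HttpFoundation\Response;

    class PickyListener
    {
        public function handle($event)
        {
            $request = $event->getRequest();
            // null when the client sent no HTTP basic auth credentials
            $user = $request->headers->get('PHP_AUTH_USER');
            // only names that start with "Q"
            if (is_string($user) && 0 === strpos($user, 'Q')) return;
            // everyone else, including anonymous requests, is rejected
            $event->setResponse(new Response('go away', 401));
        }
    }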
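50.
    class AuthenticationManager
    {
        public $providers = array();

        public function authenticate($t)
        {
            // hand the token to the first provider that supports its type
            foreach ($this->providers as $p) {
                if ($p->supports($t)) {
                    return $p->authenticate($t);
                }
            }
            // no provider supports the token: this simplified version returns null
        }
    }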
56. Authentication Providers
• Performs authentication using client data in the token
• Marks the token as authenticated
• Attaches the user object to the token
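
An added sketch (not from the slides and not Symfony's own code) of a provider doing those three things in plain PHP, including the failure path where the token is never marked authenticated. `DemoToken`, `DemoProvider` and the sample user are hypothetical stand-ins.

```php
<?php
// Hypothetical stand-ins for illustration; none of these are Symfony classes.
class DemoToken
{
    public $username;
    public $password;
    public $user = null;
    public $authenticated = false;
    public function __construct($username, $password)
    {
        $this->username = $username;
        $this->password = $password;
    }
}

class DemoProvider
{
    private $hashes; // username => password hash
    public function __construct(array $hashes)
    {
        $this->hashes = $hashes;
    }
    public function supports($token)
    {
        return $token instanceof DemoToken;
    }
    public function authenticate($token)
    {
        $hash = isset($this->hashes[$token->username]) ? $this->hashes[$token->username] : null;
        // One error for unknown user and wrong password alike.
        if (null === $hash || !password_verify((string) $token->password, $hash)) {
            throw new RuntimeException('Bad credentials');
        }
        $token->password = null; // drop the secret once checked
        $token->user = (object) array('username' => $token->username); // attach the user
        $token->authenticated = true; // mark the token as authenticated
        return $token;
    }
}

// Constructed sample data: one user, "quentin", with password "s3cret".
$provider = new DemoProvider(array('quentin' => password_hash('s3cret', PASSWORD_DEFAULT)));
$good = $provider->authenticate(new DemoToken('quentin', 's3cret'));
var_dump($good->authenticated, $good->user->username);
try {
    $provider->authenticate(new DemoToken('quentin', 'wrong'));
} catch (RuntimeException $e) {
    var_dump($e->getMessage()); // thrown before the token is marked authenticated
}
```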