Love and Loss: A Symfony Security Play
![Page 1: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/1.jpg)
Love & Loss
A Symfony Security Play
![Page 2: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/2.jpg)
brewcycleportland.com
![Page 3: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/3.jpg)
@kriswallsmith
![Page 4: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/4.jpg)
assetic
![Page 5: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/5.jpg)
Buzz
![Page 6: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/6.jpg)
Spork
![Page 7: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/7.jpg)
![Page 8: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/8.jpg)
![Page 9: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/9.jpg)
“…the current implementation of the Security Component is … not easily accessible”
http://www.testically.org/2011/03/14/why-i-gave-up-on-the-symfony2-security-component/
![Page 10: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/10.jpg)
“I would rather see Symfony2 postponed again or the Security Component removed …
I don’t think it is even near of being usable to the community outside the core.”
http://www.testically.org/2011/03/14/why-i-gave-up-on-the-symfony2-security-component/
![Page 11: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/11.jpg)
“The past few days I have really been struggling with the Symfony2 security component. It is the most complex component of Symfony2 if you ask me!”
http://blog.vandenbrand.org/2012/06/19/symfony2-authentication-provider-authenticate-against-webservice/
![Page 12: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/12.jpg)
“(I’m) wondering if I should just work around rather than work with the framework”
https://groups.google.com/forum/#!msg/symfony2/AZpgbEk4Src/73P99zOmq2YJ
![Page 13: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/13.jpg)
![Page 14: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/14.jpg)
![Page 15: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/15.jpg)
Enhance your PHP fun!
![Page 16: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/16.jpg)
http://curiouscomedy.org
![Page 17: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/17.jpg)
![Page 18: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/18.jpg)
![Page 19: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/19.jpg)
HttpKernel
kernel.request → kernel.controller → kernel.view → kernel.response → kernel.terminate
kernel.exception
![Page 20: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/20.jpg)
![Page 21: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/21.jpg)
![Page 22: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/22.jpg)
HttpKernel
Get the response and get out
![Page 23: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/23.jpg)
kernel.request
Router, etc…
Firewall
![Page 24: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/24.jpg)
Firewall
Just another listener
![Page 25: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/25.jpg)
```php
class YesFirewall
{
    public function handle($event)
    {
        // always say yes: set no response, so the kernel carries on
    }
}
```
![Page 26: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/26.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class NoFirewall
{
    public function handle($event)
    {
        // always say no: setting a response short-circuits the kernel
        $event->setResponse(new Response('go away', 401));
    }
}
```
![Page 27: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/27.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class PickyFirewall
{
    public function handle($event)
    {
        $request = $event->getRequest();
        $user = $request->headers->get('PHP_AUTH_USER');

        // only names that start with "Q" (a toy rule: no credential is checked;
        // a missing header must be rejected, not indexed)
        if (null !== $user && 'Q' === $user[0]) {
            return;
        }

        $event->setResponse(new Response('go away', 401));
    }
}
```
![Page 28: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/28.jpg)
Security Listeners
The firewall’s henchmen
![Page 29: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/29.jpg)
Diagram: kernel.request → Firewall → Listeners
![Page 30: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/30.jpg)
```php
class Firewall
{
    public $listeners = array();

    public function handle($event)
    {
        foreach ($this->listeners as $listener) {
            $listener->handle($event);

            // the first listener to set a response ends the chain
            if ($event->hasResponse()) {
                return;
            }
        }
    }
}
```
![Page 31: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/31.jpg)
```php
class YesListener
{
    public function handle($event)
    {
        // always say yes: set no response, so the firewall moves on
    }
}
```
![Page 32: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/32.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class NoListener
{
    public function handle($event)
    {
        // always say no: the response stops the firewall and the kernel
        $event->setResponse(new Response('go away', 401));
    }
}
```
![Page 33: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/33.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class PickyListener
{
    public function handle($event)
    {
        $request = $event->getRequest();
        $user = $request->headers->get('PHP_AUTH_USER');

        // only names that start with "Q" (a toy rule: no credential is checked;
        // a missing header must be rejected, not indexed)
        if (null !== $user && 'Q' === $user[0]) {
            return;
        }

        $event->setResponse(new Response('go away', 401));
    }
}
```
![Page 34: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/34.jpg)
Authentication
Are you who you say you are?
![Page 35: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/35.jpg)
Authorization
Are you allowed to ____?
![Page 36: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/36.jpg)
Tokens
The Language of Security
![Page 37: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/37.jpg)
Authentication Listeners
Map from request to token
![Page 38: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/38.jpg)
Diagram: HTTP side (Request in, Response (?) out) ↔ Core side (Token)
![Page 39: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/39.jpg)
![Page 40: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/40.jpg)
![Page 41: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/41.jpg)
Diagram: Firewall → AuthenticationListener A, AuthenticationListener B → AuthenticationManager
![Page 42: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/42.jpg)
```php
class AuthenticationListener
{
    public $authMan, $context;

    public function handle($e)
    {
        $r = $e->getRequest();
        $u = $r->headers->get('PHP_AUTH_USER');

        // map client data from the request to an unauthenticated token
        $t = new AnonToken($u);

        // let the manager authenticate it ...
        $t = $this->authMan->authenticate($t);

        // ... and store the result in the security context
        $this->context->setToken($t);
    }
}
```
![Page 43: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/43.jpg)
```php
class AuthenticationManager
{
    public function authenticate($t)
    {
        // always say no: return nothing, so no authenticated token exists
    }
}
```
![Page 44: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/44.jpg)
```php
class AuthenticationManager
{
    public function authenticate($t)
    {
        // always say yes
        return new AuthToken($t->getUser());
    }
}
```
![Page 45: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/45.jpg)
```php
class AuthenticationManager
{
    public function authenticate($t)
    {
        $u = $t->getUser();

        // only names that start with "Q" (guard against a missing username)
        if (null !== $u && 'Q' === $u[0]) {
            return new AuthToken($u);
        }
    }
}
```
![Page 46: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/46.jpg)
Authentication Manager
Responsible for authenticating the token
![Page 47: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/47.jpg)
Authentication Providers
Do the actual authentication work
![Page 48: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/48.jpg)
Diagram: AuthenticationListener A, AuthenticationListener B → AuthenticationManager → AuthenticationProviders → UserProviders
![Page 49: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/49.jpg)
User Providers
Access the repository of users
![Page 50: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/50.jpg)
```php
class AuthenticationManager
{
    public $providers = array();

    public function authenticate($t)
    {
        // delegate to the first provider that supports this kind of token
        foreach ($this->providers as $p) {
            if ($p->supports($t)) {
                return $p->authenticate($t);
            }
        }
    }
}
```
![Page 51: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/51.jpg)
```php
class AuthenticationProvider
{
    public $up;

    public function authenticate($t)
    {
        $u = $t->getUser();
        $u = $this->up->loadUserByUsername($u);

        // this toy provider only checks that the user exists; a real one
        // must also verify the credentials carried in the token
        if ($u) {
            return new AuthToken($u);
        }
    }
}
```
![Page 52: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/52.jpg)
```php
class UserProvider
{
    public $repo;

    public function loadUserByUsername($u)
    {
        return $this->repo->find(array(
            'username' => $u,
        ));
    }
}
```
![Page 53: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/53.jpg)
Authentication
![Page 54: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/54.jpg)
Authentication Listeners
• Map client data from request to token
• Pass token to authentication manager
• Update state of security context
![Page 55: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/55.jpg)
Authentication Manager
• Responsible for authenticating the token
• Calls the appropriate authentication provider
• Handles exceptions
![Page 56: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/56.jpg)
Authentication Providers
• Performs authentication using client data in the token
• Marks the token as authenticated
• Attaches the user object to the token
![Page 57: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/57.jpg)
User Providers
• Retrieves the user from the database
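The four roles summarised above, wired together in one runnable file. This is an added example, not code from the slides or from Symfony: the Request, Response and RequestEvent classes are minimal stand-ins written here so it runs without the framework, the class names are invented, and the user table is constructed sample data. Unlike the slide's provider, which only checks that the username exists, this one verifies a password hash and uses a single error for unknown user and bad password; the manager raises an exception when nothing authenticates and the listener turns that into a 401, which is what makes the firewall stop. It assumes PHP 8 or later.

```php
<?php
// Added example (not from the slides): plain-PHP model of the firewall's
// authentication chain, listener -> manager -> provider -> user provider.
// Request/Response/RequestEvent are small stand-ins written here so the file
// runs without Symfony (a real app uses HttpFoundation/HttpKernel). PHP 8+.
class Response { public function __construct(public string $content, public int $status = 200) {} }
class Request  { public function __construct(public array $headers = []) {} }
class RequestEvent
{
    public ?Response $response = null;
    public function __construct(public Request $request) {}
    public function setResponse(Response $r): void { $this->response = $r; }
    public function hasResponse(): bool { return $this->response !== null; }
}
class AuthenticationException extends \RuntimeException {}

// A token carries client data in (username + credentials) and, once
// authenticated, the resolved user's roles out; the credentials are dropped.
class Token
{
    public function __construct(public string $username, public ?string $credentials = null,
                                public bool $authenticated = false, public array $roles = []) {}
}

// Security context: the per-request slot the listener writes the token into.
class SecurityContext { public ?Token $token = null; }

// User provider: "retrieves the user from the database"; here an in-memory
// table (constructed sample data) that stores password hashes only.
class InMemoryUserProvider
{
    public function __construct(private array $users) {}
    public function loadUserByUsername(string $u): ?array { return $this->users[$u] ?? null; }
}

// Authentication provider: does the actual work, verifying the password hash.
class PasswordAuthenticationProvider
{
    public function __construct(private InMemoryUserProvider $up) {}
    public function supports(Token $t): bool { return !$t->authenticated && $t->credentials !== null; }
    public function authenticate(Token $t): Token
    {
        $user = $this->up->loadUserByUsername($t->username);
        // One message for unknown user and wrong password: don't reveal which failed.
        if ($user === null || !password_verify($t->credentials, $user['hash'])) {
            throw new AuthenticationException('Bad credentials');
        }
        return new Token($t->username, null, true, $user['roles']);
    }
}

// Authentication manager: hands the token to the first provider that supports it.
class AuthenticationManager
{
    public function __construct(private array $providers) {}
    public function authenticate(Token $t): Token
    {
        foreach ($this->providers as $p) if ($p->supports($t)) return $p->authenticate($t);
        throw new AuthenticationException('No provider supports this token');
    }
}

// Authentication listener: request -> token -> manager -> context. On failure it
// clears the context and answers 401, which makes the firewall stop here.
class BasicAuthListener
{
    public function __construct(private AuthenticationManager $authMan, private SecurityContext $context) {}
    public function handle(RequestEvent $e): void
    {
        $h = $e->request->headers;
        if (!isset($h['PHP_AUTH_USER'])) return; // no credentials offered: stay anonymous
        try {
            $this->context->token = $this->authMan->authenticate(new Token($h['PHP_AUTH_USER'], $h['PHP_AUTH_PW'] ?? null));
        } catch (AuthenticationException) {
            $this->context->token = null;
            $e->setResponse(new Response('go away', 401));
        }
    }
}

// Firewall: run listeners in order and stop at the first one that sets a response.
class Firewall
{
    public function __construct(private array $listeners) {}
    public function handle(RequestEvent $e): void
    {
        foreach ($this->listeners as $l) { $l->handle($e); if ($e->hasResponse()) return; }
    }
}

// Usage with constructed data: one user, then a valid password, a wrong password, an unknown user.
$users    = ['quentin' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'roles' => ['ROLE_ADMIN']]];
$context  = new SecurityContext();
$firewall = new Firewall([new BasicAuthListener(
    new AuthenticationManager([new PasswordAuthenticationProvider(new InMemoryUserProvider($users))]), $context)]);
foreach ([['quentin', 'correct horse'], ['quentin', 'wrong'], ['mallory', 'x']] as [$u, $p]) {
    $event = new RequestEvent(new Request(['PHP_AUTH_USER' => $u, 'PHP_AUTH_PW' => $p]));
    $firewall->handle($event);
    printf("%-8s -> %s\n", $u, $event->hasResponse()
        ? 'HTTP ' . $event->response->status
        : 'authenticated, roles=' . implode(',', $context->token->roles));
}
```

Two details are worth keeping when moving this to real code: the listener does nothing when no credentials are offered, so an unauthenticated request simply stays anonymous for the authorization step to judge, and a failed attempt clears the context before answering, so a stale token from an earlier listener can never survive a bad login.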
![Page 58: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/58.jpg)
Authorization
![Page 59: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/59.jpg)
```php
class AuthorizationListener
{
    public function handle($e)
    {
        // always say yes: no response, the request proceeds
    }
}
```
![Page 60: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/60.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class AuthorizationListener
{
    public function handle($e)
    {
        // always say no: 403, since the client is known but not allowed
        $e->setResponse(new Response('go away', 403));
    }
}
```
![Page 61: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/61.jpg)
Access Map
Looks at a request and determines token requirements
![Page 62: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/62.jpg)
Access Decision Manager
The gatekeeper
![Page 63: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/63.jpg)
Diagram: Listener → Map; Listener → DecisionManager → Voters
![Page 64: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/64.jpg)
```php
use Symfony\Component\HttpFoundation\Response;

class AccessListener
{
    public $context, $map, $decider;

    public function handle($e)
    {
        $r = $e->getRequest();
        $t = $this->context->getToken();

        // what does this request require of the token?
        $reqs = $this->map->getRequirements($r);

        // ask the gatekeeper; answer 403 if it says no
        if (!$this->decider->decide($t, $reqs)) {
            $e->setResponse(new Response('go away', 403));
        }
    }
}
```
![Page 65: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/65.jpg)
```php
class AccessMap
{
    public function getRequirements($r)
    {
        $path = $r->getPathInfo();

        if (0 === strpos($path, '/admin')) {
            return array('ADMIN');
        }

        // no rule matched: nothing is required (return an array, not null,
        // so the voters can iterate it)
        return array();
    }
}
```
![Page 66: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/66.jpg)
```php
class AccessDecisionManager
{
    public $voters;

    public function decide($t, $reqs)
    {
        // one voter saying yes is enough; if none does, deny
        foreach ($this->voters as $v) {
            if ($v->vote($t, null, $reqs)) {
                return true;
            }
        }

        return false;
    }
}
```
![Page 67: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/67.jpg)
```php
class AccessVoter
{
    public function vote($t, $obj, $reqs)
    {
        // the token must carry every required attribute
        foreach ($reqs as $req) {
            if (!$t->hasAttribute($req)) {
                return false;
            }
        }

        return true;
    }
}
```
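The decision manager on the slide grants access as soon as one voter says yes; that is the "affirmative" strategy, and it has a consequence that is easy to miss once there is more than one voter: a path that lists two requirements judged by two different voters behaves as OR, not AND. The added example below (not code from the slides or from Symfony) shows this in plain PHP with tri-state voters that can grant, deny or abstain, an access map built from anchored regexes instead of a bare prefix check, and the affirmative and unanimous strategies side by side. The constants and strategy names mirror the ones Symfony's voter interface uses, but the classes, the `IS_AUTHENTICATED` attribute and the `ROLE_` prefix convention are assumptions made for illustration, and the rules and tokens are constructed data. It assumes PHP 8 or later.

```php
<?php
// Added example (not from the slides): a plain-PHP model of the authorization
// chain with tri-state voters and two decision strategies. Class names,
// the IS_AUTHENTICATED attribute and the ROLE_ prefix are illustrative
// assumptions; the constants mirror Symfony's voter interface but this is
// not Symfony's code. PHP 8+.
const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED  = -1;

class Token
{
    public function __construct(public bool $authenticated = false, public array $roles = []) {}
    public function hasAttribute(string $a): bool { return in_array($a, $this->roles, true); }
}

// Access map: first matching rule wins. Patterns are anchored regexes (the
// way access_control rules are written) rather than bare strpos() prefix checks.
class AccessMap
{
    public function __construct(private array $rules) {} // pattern => required attributes
    public function getRequirements(string $path): array
    {
        foreach ($this->rules as $pattern => $reqs) {
            if (preg_match($pattern, $path) === 1) return $reqs;
        }
        return []; // no rule matched: nothing required
    }
}

// Role voter: judges ROLE_* requirements only and abstains on anything else.
class RoleVoter
{
    public function vote(Token $t, array $reqs): int
    {
        $result = ACCESS_ABSTAIN;
        foreach ($reqs as $req) {
            if (!str_starts_with($req, 'ROLE_')) continue;
            if (!$t->hasAttribute($req)) return ACCESS_DENIED;
            $result = ACCESS_GRANTED;
        }
        return $result;
    }
}

// Authenticated voter: judges only the IS_AUTHENTICATED requirement.
class AuthenticatedVoter
{
    public function vote(Token $t, array $reqs): int
    {
        if (!in_array('IS_AUTHENTICATED', $reqs, true)) return ACCESS_ABSTAIN;
        return $t->authenticated ? ACCESS_GRANTED : ACCESS_DENIED;
    }
}

class AccessDecisionManager
{
    public function __construct(private array $voters, private string $strategy = 'affirmative') {}

    public function decide(Token $t, array $reqs): bool
    {
        if ($reqs === []) return true; // nothing required for this path
        $granted = $denied = 0;
        foreach ($this->voters as $v) {
            $vote = $v->vote($t, $reqs);
            if ($vote === ACCESS_GRANTED) $granted++;
            if ($vote === ACCESS_DENIED)  $denied++;
        }
        return match ($this->strategy) {
            // one yes wins even if another voter said no; all-abstain is a no (fail closed)
            'affirmative' => $granted > 0,
            // any no vetoes, and at least one voter must still have said yes
            'unanimous'   => $denied === 0 && $granted > 0,
        };
    }
}

// Usage with constructed rules and tokens.
$map = new AccessMap([
    '#^/admin#'   => ['ROLE_ADMIN', 'IS_AUTHENTICATED'],
    '#^/account#' => ['IS_AUTHENTICATED'],
]);
$tokens = ['anon' => new Token(), 'user' => new Token(true, ['ROLE_USER']), 'admin' => new Token(true, ['ROLE_ADMIN'])];

foreach (['affirmative', 'unanimous'] as $strategy) {
    $decider = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter()], $strategy);
    foreach (['/', '/account', '/admin/users'] as $path) {
        $reqs = $map->getRequirements($path);
        $line = "$strategy $path:";
        foreach ($tokens as $name => $t) {
            $line .= ' ' . $name . '=' . ($decider->decide($t, $reqs) ? 'allow' : 'deny');
        }
        echo $line, "\n";
    }
}
```

Run it and compare the `/admin/users` row for the `user` token: under affirmative the authenticated voter's yes outweighs the role voter's no and the ordinary user gets in, under unanimous the no is a veto. Whichever strategy you pick, keep the all-abstain case a denial, as both branches above do, so that a path nobody has an opinion about fails closed.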
![Page 68: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/68.jpg)
Authorization
![Page 69: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/69.jpg)
Extension Points
![Page 70: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/70.jpg)
The firewall has many listeners
![Page 71: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/71.jpg)
The authentication manager has many authentication providers
![Page 72: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/72.jpg)
Which MAY rely on user providers
![Page 73: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/73.jpg)
The access decision manager has many voters
• Authenticated
• Roles
• ACL
![Page 74: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/74.jpg)
Questions?
![Page 75: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/75.jpg)
is hiring
![Page 76: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/76.jpg)
![Page 77: Love and Loss: A Symfony Security Play](https://reader036.vdocument.in/reader036/viewer/2022081513/554f4b86b4c905b9508b4920/html5/thumbnails/77.jpg)
“Horrible”
“Worst talk ever”
“Go back to high school”
https://joind.in/8665