SymfonyCasts stands united with the people of Ukraine
If you liked what you've learned so far, dive in!
Subscribe to get access to this tutorial plus
video, code and script downloads.
Open up app/config/security.yml. Security - especially authentication - is all
configured here. We'll look at this piece-by-piece, but there's one section that's
more important than all the rest: firewalls:
| # To get started with security, check out the documentation: | |
| # http://symfony.com/doc/current/book/security.html | |
| security: | |
| ... lines 4 - 9 | |
| firewalls: | |
| # disables authentication for assets and the profiler, adapt it according to your needs | |
| dev: | |
| pattern: ^/(_(profiler|wdt)|css|images|js)/ | |
| security: false | |
| main: | |
| anonymous: ~ | |
| # activate different ways to authenticate | |
| # http_basic: ~ | |
| # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate | |
| # form_login: ~ | |
| # http://symfony.com/doc/current/cookbook/security/form_login_setup.html |
Your firewall is your authentication system: it's like the security desk you pass
when going into a building. Now, there's always only one firewall that's active
on any request. You see, if you go to a URL that starts with /_profiler, /_wdt
or /css, you hit the dev firewall only:
| ... lines 1 - 2 | |
| security: | |
| ... lines 4 - 9 | |
| firewalls: | |
| # disables authentication for assets and the profiler, adapt it according to your needs | |
| dev: | |
| pattern: ^/(_(profiler|wdt)|css|images|js)/ | |
| security: false | |
| ... lines 15 - 25 |
This basically turns security off: it's like sneaking through the side door of a building that has no security desk. This is here to prevent us from getting over-excited with security and accidentally securing our debugging tools.
In reality, every real request will activate the main firewall:
| ... lines 1 - 2 | |
| security: | |
| ... lines 4 - 9 | |
| firewalls: | |
| ... lines 11 - 15 | |
| main: | |
| anonymous: ~ | |
| # activate different ways to authenticate | |
| # http_basic: ~ | |
| # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate | |
| # form_login: ~ | |
| # http://symfony.com/doc/current/cookbook/security/form_login_setup.html |
Because it has no pattern key, it matches all URLs. Oh, and these keys - main and dev,
are meaningless.
Our job is to activate different ways to authenticate under this one firewall. We might allow the user to authenticate via a form login, HTTP basic, an API token, Facebook login or all of these.
So - if you ignore the dev firewall, we really only have one firewall, and I
want yours to look like mine. There are use-cases for having multiple firewalls,
but you probably don't need it. If you're curious, we do set this up on our Symfony
REST API course.
Ok, we want to activate a system that allows the user to submit their email and
password to login. If you look at the official documentation about this, you'll notice
they add a key called form_login under their firewall. Then, everything just magically
works. I mean, literally: you submit your login form, Symfony intercepts the request
and takes care of everything else.
It's really cool because it's quick to set up! But it's super magical and hard to extend and control. If you're using FOSUserBundle, they also recommend that you use this.
But, you have a choice. We won't use this. Instead, we'll use a system that's new in Symfony 2.8 called Guard. It is more work to setup, but you'll have control over everything from day 1.
// composer.json
{
"require": {
"php": ">=5.5.9",
"symfony/symfony": "3.1.*", // v3.1.4
"doctrine/orm": "^2.5", // v2.7.2
"doctrine/doctrine-bundle": "^1.6", // 1.6.4
"doctrine/doctrine-cache-bundle": "^1.2", // 1.3.0
"symfony/swiftmailer-bundle": "^2.3", // v2.3.11
"symfony/monolog-bundle": "^2.8", // 2.11.1
"symfony/polyfill-apcu": "^1.0", // v1.2.0
"sensio/distribution-bundle": "^5.0", // v5.0.22
"sensio/framework-extra-bundle": "^3.0.2", // v3.0.16
"incenteev/composer-parameter-handler": "^2.0", // v2.1.2
"composer/package-versions-deprecated": "^1.11", // 1.11.99
"knplabs/knp-markdown-bundle": "^1.4", // 1.4.2
"doctrine/doctrine-migrations-bundle": "^1.1" // 1.1.1
},
"require-dev": {
"sensio/generator-bundle": "^3.0", // v3.0.7
"symfony/phpunit-bridge": "^3.0", // v3.1.3
"nelmio/alice": "^2.1", // 2.1.4
"doctrine/doctrine-fixtures-bundle": "^2.3" // 2.3.0
}
}