How are security settings in config.yml and security.yml related?

I am trying to configure user management and security in my first test application, and I got a bit lost as to what does what.

My setup so far: Symfony 2.5, SonataUserBundle (and with it FOSUserBundle)

In my app/config/config.yml, I have the following parameters that I consider relevant in terms of managing site security (most of them are taken from the installation instructions for the various packages that I included):

imports:
    - { resource: security.yml }

[...]

fos_user:
    firewall_name:  main

[...]

security:
    # FOSUserBundle config
    # cf. https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md#step-4-configure-your-applications-securityyml
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true
    # end of FOSUserBundle config

    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Admin login page needs to be access without credential
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

My app/config/security.yml looks like this:

security:

    # added with Sonata User Bundle
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    # end

    providers:
        in_memory:
            memory: ~
        # added with Sonata User Bundle
        fos_userbundle:
            id: fos_user.user_manager
        # end

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # added with Sonata User Bundle
        # -> custom firewall for the admin area of the URL
        admin:
            pattern:            /admin(.*)
            context:            user
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check
                failure_path:   null
            logout:
                path:           /admin/logout
            anonymous:          true

        # -> end custom configuration

        # default login area for standard users

        # This firewall is used to handle the public login area
        # This part is handled by the FOS User Bundle
        main:
            pattern:             /(.*)
            context:             user
            form_login:
                provider:       fos_userbundle
                login_path:     /login
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
            logout:             true
            anonymous:          true
        # end

        default:
            anonymous: ~

    # Sonata
    acl:
        connection: default

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

Here are my questions:

Configuration Priority

Symfony imports security.yml into config.yml, and both files define a "security" section. Which of the two takes priority?

At the moment the following settings differ between security.yml and config.yml:

  • the FOSUserBundle user provider (fos_user.user_manager vs. fos_user.user_provider.username)
  • the encoder for FOS\UserBundle\Model\UserInterface
  • the main firewall pattern (^/ vs. /(.*))

Which of these is actually applied? Should I move everything into security.yml?

Does security.yml override config.yml (or the other way round)?


There is no priority between the two: both files just feed the same security: section.

In app/config/config.yml you have:

imports:
    - { resource: security.yml }

This means security.yml is pulled into config.yml, which is the standard Symfony2 layout. Putting the security: section into app/config/security.yml is only a convention to keep it separate from the rest of the configuration.

For comparison, see the reference configuration on GitHub:

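As an added example (not part of the question or the answer above), here is one way to consolidate the two security: sections into a single app/config/security.yml, so that config.yml only keeps the import line and the fos_user block and there is nothing left to merge. The choices below are mine, not something the page prescribes: the FOSUserBundle username provider is kept (as in the FOSUserBundle instructions the question cites) and fos_user.user_manager is dropped; the role hierarchy takes the superset of both files; both firewall patterns are anchored with ^; csrf_provider is enabled on both login forms; failure_path: null (the default) is omitted. The acl block and the SONATA role group from the original are left out for brevity.

```yaml
# app/config/security.yml (consolidated; example, not the original poster's file)
security:
    encoders:
        # one encoder definition is enough; it was duplicated in both files
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        # superset of the two hierarchies from config.yml and security.yml
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        # a single provider; fos_user.user_manager is dropped (assumption: the
        # username provider from the FOSUserBundle docs is the one wanted)
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # firewalls are evaluated in order: the more specific admin firewall
        # must come before the catch-all main firewall
        admin:
            pattern: ^/admin        # anchored: /admin(.*) alone is not
            context: user
            form_login:
                provider:      fos_userbundle
                login_path:    /admin/login
                check_path:    /admin/login_check
                use_forward:   false
                csrf_provider: form.csrf_provider
            logout:
                path:   /admin/logout
                target: /admin/login
            anonymous: true

        main:
            pattern: ^/             # anchored form of /(.*)
            context: user           # same context as admin: one login serves both
            form_login:
                provider:      fos_userbundle
                login_path:    /login
                check_path:    /login_check
                use_forward:   false
                csrf_provider: form.csrf_provider
            logout:    true
            anonymous: true

    access_control:
        # first matching rule wins, so the anonymous exceptions come first
        - { path: ^/login$,             role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register,           role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting,          role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login$,       role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$,      role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/,             role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/,                   role: IS_AUTHENTICATED_ANONYMOUSLY }
```

Two caveats worth checking in the original files. A firewall pattern is a regular expression matched against the request path without implicit anchoring, so /admin(.*) as written in the question also matches a path such as /blog/admin-notes, while ^/admin only matches paths that start with /admin. And with fos_user.firewall_name set to main in config.yml, the two firewalls must share the same context (user, as above) for a session started on one to be recognised by the other. After editing, php app/console config:dump-reference security prints the full reference tree, which is the quickest way to confirm that every key you used exists.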
