Added 'host' option to firewall configuration
This commit is contained in:
Peter Kruithof
parent
cade045e34
commit
94d648b75c
|
|
@ -1,6 +1,11 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
|
||||
2.4.0
|
||||
-----
|
||||
|
||||
* Added 'host' option to firewall configuration
|
||||
|
||||
2.3.0
|
||||
-----
|
||||
|
||||
|
|
|
|||
|
|
@ -199,6 +199,7 @@ class MainConfiguration implements ConfigurationInterface
|
|||
|
||||
$firewallNodeBuilder
|
||||
->scalarNode('pattern')->end()
|
||||
->scalarNode('host')->end()
|
||||
->booleanNode('security')->defaultTrue()->end()
|
||||
->scalarNode('request_matcher')->end()
|
||||
->scalarNode('access_denied_url')->end()
|
||||
|
|
|
|||
|
|
@ -244,8 +244,10 @@ class SecurityExtension extends Extension
|
|||
$matcher = null;
|
||||
if (isset($firewall['request_matcher'])) {
|
||||
$matcher = new Reference($firewall['request_matcher']);
|
||||
} elseif (isset($firewall['pattern'])) {
|
||||
$matcher = $this->createRequestMatcher($container, $firewall['pattern']);
|
||||
} elseif (isset($firewall['pattern']) || isset($firewall['host'])) {
|
||||
$pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null;
|
||||
$host = isset($firewall['host']) ? $firewall['host'] : null;
|
||||
$matcher = $this->createRequestMatcher($container, $pattern, $host);
|
||||
}
|
||||
|
||||
// Security disabled?
|
||||
|
|
|
|||
|
|
@ -85,9 +85,41 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
|
|||
'security.access_listener',
|
||||
'security.authentication.switchuser_listener.secure',
|
||||
),
|
||||
array(
|
||||
'security.channel_listener',
|
||||
'security.context_listener.0',
|
||||
'security.authentication.listener.basic.host',
|
||||
'security.authentication.listener.anonymous.host',
|
||||
'security.access_listener',
|
||||
),
|
||||
), $listeners);
|
||||
}
|
||||
|
||||
public function testFirewallRequestMatchers()
|
||||
{
|
||||
$container = $this->getContainer('container1');
|
||||
|
||||
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
|
||||
$matchers = array();
|
||||
|
||||
foreach ($arguments[1] as $reference) {
|
||||
if ($reference instanceof Reference) {
|
||||
$definition = $container->getDefinition((string) $reference);
|
||||
$matchers[] = $definition->getArguments();
|
||||
}
|
||||
}
|
||||
|
||||
$this->assertEquals(array(
|
||||
array(
|
||||
'/login',
|
||||
),
|
||||
array(
|
||||
'/test',
|
||||
'foo\\.example\\.org',
|
||||
),
|
||||
), $matchers);
|
||||
}
|
||||
|
||||
public function testAccess()
|
||||
{
|
||||
$container = $this->getContainer('container1');
|
||||
|
|
|
|||
|
|
@ -71,6 +71,12 @@ $container->loadFromExtension('security', array(
|
|||
'x509' => true,
|
||||
'logout' => true,
|
||||
),
|
||||
'host' => array(
|
||||
'pattern' => '/test',
|
||||
'host' => 'foo\\.example\\.org',
|
||||
'anonymous' => true,
|
||||
'http_basic' => true,
|
||||
),
|
||||
),
|
||||
|
||||
'access_control' => array(
|
||||
|
|
|
|||
|
|
@ -57,6 +57,11 @@
|
|||
<logout />
|
||||
</firewall>
|
||||
|
||||
<firewall name="host" pattern="/test" host="foo\.example\.org">
|
||||
<anonymous />
|
||||
<http-basic />
|
||||
</firewall>
|
||||
|
||||
<role id="ROLE_ADMIN">ROLE_USER</role>
|
||||
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
||||
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
||||
|
|
|
|||
|
|
@ -53,6 +53,11 @@ security:
|
|||
switch_user: true
|
||||
x509: true
|
||||
logout: true
|
||||
host:
|
||||
pattern: /test
|
||||
host: foo\.example\.org
|
||||
anonymous: true
|
||||
http_basic: true
|
||||
|
||||
role_hierarchy:
|
||||
ROLE_ADMIN: ROLE_USER
|
||||
|
|
|
|||
Reference in New Issue