merged branch pkruithof/firewall-host-option (PR #8905)
This PR was merged into the master branch.
Discussion
----------
Added 'host' option to firewall configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7103
| License | MIT
| Doc PR |
This is a follow-up of #8880.
Commits
-------
94d648b Added 'host' option to firewall configuration
This commit is contained in:
Fabien Potencier
commit
d1ef0f3fdd
@ -1,6 +1,11 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
2.4.0
|
||||||
|
-----
|
||||||
|
|
||||||
|
* Added 'host' option to firewall configuration
|
||||||
|
|
||||||
2.3.0
|
2.3.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|||||||
@ -199,6 +199,7 @@ class MainConfiguration implements ConfigurationInterface
|
|||||||
|
|
||||||
$firewallNodeBuilder
|
$firewallNodeBuilder
|
||||||
->scalarNode('pattern')->end()
|
->scalarNode('pattern')->end()
|
||||||
|
->scalarNode('host')->end()
|
||||||
->booleanNode('security')->defaultTrue()->end()
|
->booleanNode('security')->defaultTrue()->end()
|
||||||
->scalarNode('request_matcher')->end()
|
->scalarNode('request_matcher')->end()
|
||||||
->scalarNode('access_denied_url')->end()
|
->scalarNode('access_denied_url')->end()
|
||||||
|
|||||||
@ -244,8 +244,10 @@ class SecurityExtension extends Extension
|
|||||||
$matcher = null;
|
$matcher = null;
|
||||||
if (isset($firewall['request_matcher'])) {
|
if (isset($firewall['request_matcher'])) {
|
||||||
$matcher = new Reference($firewall['request_matcher']);
|
$matcher = new Reference($firewall['request_matcher']);
|
||||||
} elseif (isset($firewall['pattern'])) {
|
} elseif (isset($firewall['pattern']) || isset($firewall['host'])) {
|
||||||
$matcher = $this->createRequestMatcher($container, $firewall['pattern']);
|
$pattern = isset($firewall['pattern']) ? $firewall['pattern'] : null;
|
||||||
|
$host = isset($firewall['host']) ? $firewall['host'] : null;
|
||||||
|
$matcher = $this->createRequestMatcher($container, $pattern, $host);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Security disabled?
|
// Security disabled?
|
||||||
|
|||||||
@ -85,9 +85,41 @@ abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
|
|||||||
'security.access_listener',
|
'security.access_listener',
|
||||||
'security.authentication.switchuser_listener.secure',
|
'security.authentication.switchuser_listener.secure',
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'security.channel_listener',
|
||||||
|
'security.context_listener.0',
|
||||||
|
'security.authentication.listener.basic.host',
|
||||||
|
'security.authentication.listener.anonymous.host',
|
||||||
|
'security.access_listener',
|
||||||
|
),
|
||||||
), $listeners);
|
), $listeners);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testFirewallRequestMatchers()
|
||||||
|
{
|
||||||
|
$container = $this->getContainer('container1');
|
||||||
|
|
||||||
|
$arguments = $container->getDefinition('security.firewall.map')->getArguments();
|
||||||
|
$matchers = array();
|
||||||
|
|
||||||
|
foreach ($arguments[1] as $reference) {
|
||||||
|
if ($reference instanceof Reference) {
|
||||||
|
$definition = $container->getDefinition((string) $reference);
|
||||||
|
$matchers[] = $definition->getArguments();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->assertEquals(array(
|
||||||
|
array(
|
||||||
|
'/login',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'/test',
|
||||||
|
'foo\\.example\\.org',
|
||||||
|
),
|
||||||
|
), $matchers);
|
||||||
|
}
|
||||||
|
|
||||||
public function testAccess()
|
public function testAccess()
|
||||||
{
|
{
|
||||||
$container = $this->getContainer('container1');
|
$container = $this->getContainer('container1');
|
||||||
|
|||||||
@ -71,6 +71,12 @@ $container->loadFromExtension('security', array(
|
|||||||
'x509' => true,
|
'x509' => true,
|
||||||
'logout' => true,
|
'logout' => true,
|
||||||
),
|
),
|
||||||
|
'host' => array(
|
||||||
|
'pattern' => '/test',
|
||||||
|
'host' => 'foo\\.example\\.org',
|
||||||
|
'anonymous' => true,
|
||||||
|
'http_basic' => true,
|
||||||
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
'access_control' => array(
|
'access_control' => array(
|
||||||
|
|||||||
@ -57,6 +57,11 @@
|
|||||||
<logout />
|
<logout />
|
||||||
</firewall>
|
</firewall>
|
||||||
|
|
||||||
|
<firewall name="host" pattern="/test" host="foo\.example\.org">
|
||||||
|
<anonymous />
|
||||||
|
<http-basic />
|
||||||
|
</firewall>
|
||||||
|
|
||||||
<role id="ROLE_ADMIN">ROLE_USER</role>
|
<role id="ROLE_ADMIN">ROLE_USER</role>
|
||||||
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
||||||
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
||||||
|
|||||||
@ -53,6 +53,11 @@ security:
|
|||||||
switch_user: true
|
switch_user: true
|
||||||
x509: true
|
x509: true
|
||||||
logout: true
|
logout: true
|
||||||
|
host:
|
||||||
|
pattern: /test
|
||||||
|
host: foo\.example\.org
|
||||||
|
anonymous: true
|
||||||
|
http_basic: true
|
||||||
|
|
||||||
role_hierarchy:
|
role_hierarchy:
|
||||||
ROLE_ADMIN: ROLE_USER
|
ROLE_ADMIN: ROLE_USER
|
||||||
|
|||||||
Reference in New Issue
Block a user