Commit Graph

154 Commits

Author SHA1 Message Date
Alexey Popkov
7423f0bf50 [SecurityBundle] fixed missing argument EventDisplatcher in RememberMe service 2011-03-24 14:00:16 +03:00
Johannes Schmitt
a56dbec6d8 [Security] removed un-needed event parameter from many interfaces 2011-03-18 18:26:55 +01:00
Fabien Potencier
9d8c053d42 updated icons for swiftmailer and security 2011-03-18 15:19:39 +01:00
Fabien Potencier
20a717ea3c [WebProfileBundle] added the controller callable name in the WDT (also tweaked the CSS to free some space) 2011-03-18 14:57:41 +01:00
Jordi Boggiano
8fabca609f Added monolog tags to create all core channels 2011-03-18 12:29:20 +01:00
Fabien Potencier
6c8e71c8e7 renamed filterCore* to onCore*
The onCore* events are fired at some pre-defined points during the
handling of a request. At this is more important than the fact
that you can change things from the event.
2011-03-17 17:01:59 +01:00
Bernhard Schussek
5f14d8d6aa Merge remote branch 'symfony/master' into event-manager
Conflicts:
	src/Symfony/Bundle/AsseticBundle/CacheWarmer/AssetWriterCacheWarmer.php
	src/Symfony/Bundle/AsseticBundle/Tests/CacheWarmer/AssetWriterCacheWarmerTest.php
	src/Symfony/Bundle/FrameworkBundle/Profiler/ProfilerListener.php
	src/Symfony/Bundle/FrameworkBundle/Resources/config/profiling.xml
	src/Symfony/Component/HttpKernel/HttpKernel.php
	src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
	src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
2011-03-17 12:34:12 +01:00
Fabien Potencier
2cf0601f18 [SecurityBundle] made the anonymous key parameter configurable and random by default 2011-03-16 09:31:28 +01:00
Fabien Potencier
2610e1b699 [SecurityBundle] made user and credentials configuration for X509 authentication 2011-03-16 09:30:48 +01:00
Fabien Potencier
b638cf07a5 [SecurityBundle] made realm configurable for HTTP basic and digest authentication 2011-03-16 09:29:44 +01:00
Fabien Potencier
db27b4d288 [SecurityBundle] made a small tweak to the WDT panel 2011-03-15 22:52:09 +01:00
Fabien Potencier
11f42a82dc [SecurityBundle] added a note about why a user can be logged in but not authenticated 2011-03-15 22:02:26 +01:00
Fabien Potencier
39504fc98d [SecurityBundle] made some tweaks to the security profiler panel 2011-03-15 21:50:56 +01:00
Fabien Potencier
44c95f97a4 [SecurityBundle] fixed profiler template when the user is logged in but has no roles 2011-03-15 21:48:49 +01:00
Fabien Potencier
345e2d39b5 [SecurityBundle] tweaked WDT security tab 2011-03-15 21:02:36 +01:00
Fabien Potencier
50e463977b Merge remote branch 'vicb/profiler_again' 2011-03-15 13:37:52 +01:00
hhamon
201cb65ecd [SecurityBundle] fixed typo in security_rememberme.xml services definition 2011-03-14 19:46:11 +01:00
Johannes M. Schmitt
032fa2bde8 [Security] fixed default entity provider 2011-03-14 17:31:29 +01:00
Victor Berchet
8128300baa [WebProfilerBundle] Revert the support for a status in data collectors 2011-03-14 17:24:11 +01:00
Bernhard Schussek
06c682b4fb Switched from Doctrine's EventManager implementation to the EventManager clone in Symfony2 (now called EventDispatcher again) 2011-03-13 19:49:10 +01:00
Bernhard Schussek
25931caeab Merge remote branch 'symfony/master' into event-manager
Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventManager.php
	src/Symfony/Bundle/WebProfilerBundle/WebDebugToolbarListener.php
	src/Symfony/Component/Security/Http/Firewall.php
	src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
	src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
	src/Symfony/Component/Security/Http/Firewall/AccessListener.php
	src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
	src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
	src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
	src/Symfony/Component/Security/Http/Firewall/ContextListener.php
	src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
	src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
	src/Symfony/Component/Security/Http/Firewall/ListenerInterface.php
	src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
	src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
	src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
	tests/Symfony/Tests/Component/Security/Http/Firewall/RememberMeListenerTest.php
2011-03-13 19:15:25 +01:00
Victor Berchet
5b39894efc [WebProfilerBundle] Add shortcuts to the panels in the toolbar 2011-03-13 15:50:44 +01:00
Victor Berchet
f752dd34a0 [Profiler] Profilers now return a status which is used for visual feedback 2011-03-13 15:50:44 +01:00
Victor Berchet
481bb4cdf9 [WebProfilerBundle] Introduce a template for toolbar items 2011-03-13 15:50:44 +01:00
Kris Wallsmith
1314d6fda7 fixed listener definition 2011-03-12 13:24:57 +01:00
Johannes Schmitt
d8022e34eb [Security] removed core.security event 2011-03-11 01:43:22 +01:00
Johannes M. Schmitt
3d97638813 [Security] refactored remember-me code 2011-03-11 01:19:55 +01:00
Johannes Schmitt
1d5538fc60 [Security] various changes, see below
- visibility changes from protected to private
- AccountInterface -> UserInterface
- SecurityContext::vote() -> SecurityContext::isGranted()
2011-03-10 10:25:32 +01:00
Bernhard Schussek
a54d3e6fb0 Merge remote branch 'symfony/master' into event-manager 2011-03-07 19:15:57 +01:00
Francis Besset
a7e1058898 [WebProfilerBundle] Added security icon for the Web Profiler menu 2011-03-06 23:28:45 +01:00
Francis Besset
f3eca3dab7 [SecurityBundle] Resize security icon for the web debug toolbar 2011-03-06 16:17:54 +01:00
Francis Besset
354996e344 [SecurityBundle] Fixed typo 2011-03-06 15:46:21 +01:00
Francis Besset
4c0f7f26e4 [WebProfiler] Fixed integration of web debug toolbar 2011-03-06 15:30:02 +01:00
Fabien Potencier
8c423edfef replaced symfony-project.org by symfony.com 2011-03-06 12:40:06 +01:00
alexandresalome
659bfc5615 Remove png_fix class 2011-03-06 11:44:58 +01:00
hhamon
ce7fddd4ea [SecurityBundle] updated profiler panel for the latest profiler theme 2011-03-06 11:44:57 +01:00
hhamon
1134fd17ab [SecurityBundle] fixed authentication panel for the new web debug toolbar layout 2011-03-06 11:44:56 +01:00
Bernhard Schussek
f1393d7b1f Replaced EventDispatcher by Doctrine's EventManager implementation
Doctrine's EventManager implementation has several advantages over the
EventDispatcher implementation of Symfony2. Therefore I suggest that we
use their implementation.

Advantages:

 * Event Listeners are objects, not callbacks. These objects have handler
   methods that have the same name as the event. This helps a lot when
   reading the code and makes the code for adding an event listener shorter.
 * You can create Event Subscribers, which are event listeners with an
   additional getSubscribedEvents() method. The benefit here is that the
   code that registers the subscriber doesn't need to know about its
   implementation.
 * All events are defined in static Events classes, so users of IDEs benefit
   of code completion
 * The communication between the dispatching class of an event and all
   listeners is done through a subclass of EventArgs. This subclass can be
   tailored to the type of event. A constructor, setters and getters can be
   implemented that verify the validity of the data set into the object.
   See examples below.
 * Because each event type corresponds to an EventArgs implementation,
   developers of event listeners can look up the available EventArgs methods
   and benefit of code completion.
 * EventArgs::stopPropagation() is more flexible and (IMO) clearer to use
   than notifyUntil(). Also, it is a concept that is also used in other
   event implementations

Before:

    class EventListener
    {
        public function handle(EventInterface $event, $data) { ... }
    }

    $dispatcher->connect('core.request', array($listener, 'handle'));
    $dispatcher->notify('core.request', new Event(...));

After (with listeners):

    final class Events
    {
        const onCoreRequest = 'onCoreRequest';
    }

    class EventListener
    {
        public function onCoreRequest(RequestEventArgs $eventArgs) { ... }
    }

    $evm->addEventListener(Events::onCoreRequest, $listener);
    $evm->dispatchEvent(Events::onCoreRequest, new RequestEventArgs(...));

After (with subscribers):

    class EventSubscriber
    {
        public function onCoreRequest(RequestEventArgs $eventArgs) { ... }

        public function getSubscribedEvents()
        {
            return Events::onCoreRequest;
        }
    }

    $evm->addEventSubscriber($subscriber);
    $evm->dispatchEvent(Events::onCoreRequest, new RequestEventArgs(...));
2011-03-05 15:30:34 +01:00
Kris Wallsmith
2b2a7f0a1d added nowrap style to WDT toolbar so image and text stays together when the toolbar wraps 2011-02-24 06:14:08 -08:00
Johannes M. Schmitt
1a0742003f [Security] use 'database_connection' as default connection for ACL 2011-02-16 23:00:27 +01:00
Johannes M. Schmitt
53f3ff8258 [Security] adds a chain user provider 2011-02-16 23:00:27 +01:00
Johannes Schmitt
82c6844147 [Security] moved Security classes out of DoctrineBundle, cleaned-up SecurityExtension accordingly
Note that this commit removes the built-in support for MongoDB user providers.
This code can be moved back in once there is a stable release for MongoDB, but
for now you have to set-up that user provider just like you would set-up any
custom user provider:

    security:
         providers:
             document_provider:
                 id: my.mongo.provider
2011-02-16 23:00:27 +01:00
Johannes Schmitt
dfd921822a [Security/Http] Adds CSRF protection to the form-login 2011-02-16 23:00:27 +01:00
Johannes Schmitt
b685b3ab4d [Security] adds logout success handler 2011-02-14 20:55:07 +01:00
Johannes Schmitt
bc283f1a66 [Security] removed 'security.authentication_provider' tag 2011-02-14 20:55:06 +01:00
Johannes M. Schmitt
0643dc44fd [Security] adds a priority attribute to security voters 2011-02-14 20:55:06 +01:00
Christophe Coevoet
556305b4ac Fixed the default value of the access denied url
The custom error page is now disabled by default as this would throw an
exception if the /access_denied url does not match a route.
This commit also remove the old parameter for this url which is not used
anymore in the code.

Moved the default value to the Configuration class
2011-02-12 22:11:11 +01:00
Johannes Schmitt
0b8fef2347 [Security/DependencyInjection] adds support for merging security configurations
The merging is done in three steps:

    1. Normalization:
    =================
    All passed config arrays will be transformed into the same structure
    regardless of what format they come from.

    2. Merging:
    ===========
    This is the step when the actual merging is performed. Starting at the root
    the configs will be passed along the tree until a node has no children, or
    the merging of sub-paths of the current node has been specifically disabled.

       Left-Side       Right-Side      Merge Result
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       -nothing-       array           Right-Side will be taken.
       scalar          scalar          Right-Side will be taken.
       array           false           Right-Side will be taken if ->canBeUnset()
                                       was called on the array node.
       false           array           Right-Side will be taken.
       array           array           Each value in the array will be passed to
                                       the specific child node, or the prototype
                                       node (whatever is present).

    3. Finalization:
    ================
    The normalized, and merged config will be passed through the config tree to
    perform final validation on the submitted values, and set default values
    where this has been requested.

You can influence this process in various ways, here is a list with some examples.
All of these methods must be called on the node on which they should be applied.

  * isRequired(): Node must be present in at least one config file.
  * requiresAtLeastOneElement(): PrototypeNode must have at least one element.
  * treatNullLike($value): Replaces null with $value during normalization.
  * treatTrueLike($value): Same as above just for true
  * treatFalseLike($value): Same as above just for false
  * defaultValue($value): Sets a default value for this node (only for scalars)
  * addDefaultsIfNotSet(): Whether to add default values of an array which has not
                           been defined in any configuration file.
  * disallowNewKeysInSubsequentConfigs(): All keys for this array must be defined
                                          in one configuration file, subsequent
                                          configurations may only overwrite these.
  * fixXmlConfig($key, $plural = null): Transforms XML config into same structure
                                        as YAML, and PHP configurations.
  * useAttributeAsKey($name): Defines which XML attribute to use as array key.
  * cannotBeOverwritten(): Declares a certain sub-path as non-overwritable. All
                           configuration for this path must be defined in the same
                           configuration file.
  * cannotBeEmpty(): If value is set, it must be non-empty.
  * canBeUnset(): If array values should be unset if false is specified.

Architecture:
=============
The configuration consists basically out of two different sets of classes.

  1. Builder classes: These classes provide the fluent interface and
                      are used to construct the config tree.

  2. Node classes: These classes contain the actual logic for normalization,
                   merging, and finalizing configurations.

After you have added all the metadata to your builders, the call to
->buildTree() will convert this metadata to actual node classes. Most of the
time, you will not have to interact with the config nodes directly, but will
delegate this to the Processor class which will call the respective methods
on the config node classes.
2011-02-06 20:11:08 +01:00
Johannes M. Schmitt
3ac4994507 [Security] added missing argument to SwitchUserListener 2011-01-29 10:22:27 +01:00
Johannes M. Schmitt
e23f39c42f [Security] config refactoring 2011-01-29 10:22:26 +01:00
Christophe Coevoet
96a0a7e7d1 Fixed SecurityDataCollector 2011-01-29 10:12:07 +01:00
Johannes M. Schmitt
cf64d2cfe7 namespace changes
Symfony\Component\Security -> Symfony\Component\Security\Core
Symfony\Component\Security\Acl remains unchanged
Symfony\Component\HttpKernel\Security -> Symfony\Component\Security\Http
2011-01-26 22:23:20 +01:00
Lukas Kahwe Smith
d10f631c3d fixed security engine loading 2011-01-26 21:15:00 +01:00
Fabien Potencier
e645090423 moved security related things to a new SecurityBundle (the Security component is left unchanged) 2011-01-26 19:10:54 +01:00