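security:

    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        in_memory:
            memory: ~
        user_provider:
            id: platform.user.provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/login$
            anonymous: ~

        oauth_token:
            pattern: ^/oauth/v2/token
            security: false

        oauth_authorize:
            pattern: ^/oauth/v2/auth
            form_login:
                provider: user_provider
                check_path: /oauth/v2/auth_login_check
                login_path: /oauth/v2/auth_login
            anonymous: true

        api:
            pattern: ^/api/.*
            fos_oauth: true
            stateless: true

        # NOTE(review): firewalls are matched in order and `main` has no `pattern`,
        # so it catches every request that reaches this point. `secured_area` (`^/`)
        # below can therefore never match, and its form_login/logout settings are
        # dead config. If the form login is intended, move `secured_area` above
        # `main` or give `main` a pattern.
        main:
            anonymous: ~
            # activate different ways to authenticate

            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            #http_basic: ~

            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~

        secured_area:
            pattern: ^/
            form_login:
                provider: user_provider
                # NOTE(review): check_path/login_path look swapped — check_path is
                # the route the form POSTs to, login_path the route that renders it.
                check_path: login
                login_path: login_check
            logout:
                path: /logout
                target: /login

    encoders:
        # NOTE(review): the key must be the user class's fully-qualified name; the
        # namespace separators appear to have been stripped by the paste.
        # sha1 with a single iteration is a fast digest and cheap to brute-force
        # offline if the user table leaks; prefer `algorithm: bcrypt` for new
        # hashes. Switching invalidates the stored sha1 hashes, so re-hash each
        # user at their next successful login rather than flipping this in place.
        SsoBundleEntityUser:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
        # Evaluated top to bottom; the first rule whose path matches wins.
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # NOTE(review): no catch-all rule, and `main` allows anonymous access, so
        # any path not listed here is reachable without authentication at the
        # firewall level; such pages must enforce access in the controller
        # (e.g. denyAccessUnlessGranted()).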
<?php

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Security;
78
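class SecurityController extends Controller
{
    /** Request attribute / session key under which the firewall stores a 403 error. */
    const ACCESS_DENIED_ERROR = '_security.403_error';
    /** Request attribute / session key under which the firewall stores the last authentication failure. */
    const AUTHENTICATION_ERROR = '_security.last_error';
    /** Session key holding the username submitted on the last login attempt (same value as Security::LAST_USERNAME). */
    const LAST_USERNAME = '_security.last_username';
    /** Upper bound on submitted username length; kept for callers, not used in this class. */
    const MAX_USERNAME_LENGTH = 4096;

    /**
     * Renders the login form together with the last authentication failure and
     * the last submitted username, both of which the firewall stores for us.
     *
     * The failure is read from the request attributes first (set when the
     * failure handler forwards to this action) and otherwise consumed from the
     * session, so that it is displayed only once.
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction(Request $request)
    {
        // May be null on a request without a session; every use below guards for that.
        $session = $request->getSession();

        if ($request->attributes->has(self::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(self::AUTHENTICATION_ERROR);
        } elseif (null !== $session && $session->has(self::AUTHENTICATION_ERROR)) {
            $error = $session->get(self::AUTHENTICATION_ERROR);
            // Consume it: the error belongs to the attempt that just failed.
            $session->remove(self::AUTHENTICATION_ERROR);
        } else {
            $error = '';
        }

        if ($error instanceof AuthenticationException) {
            // Expose the translatable message key rather than getMessage(): the raw
            // message can carry internal detail about why authentication failed,
            // which is why Symfony's stock controller flags that call.
            $error = $error->getMessageKey();
        } elseif ($error instanceof \Exception) {
            // Anything else stored under the key is reduced to its message text.
            $error = $error->getMessage();
        }

        $lastUsername = (null === $session) ? '' : $session->get(self::LAST_USERNAME);

        return $this->render(
            'AppBundle:Security:login.html.twig',
            array(
                // Reuse the guarded value instead of dereferencing $session again.
                'last_username' => $lastUsername,
                'error' => $error,
            )
        );
    }

    /**
     * Controller behind the oauth_authorize firewall's check_path
     * (/oauth/v2/auth_login_check, route acme_oauth_server_auth_login_check).
     *
     * Intentionally empty: the firewall's form_login listener handles the POST
     * to its check_path before any controller is invoked, so this action only
     * exists to give the route a controller. If it is ever executed, the
     * firewall covering this path is not matching the request.
     *
     * @param Request $request
     */
    public function loginCheckAction(Request $request)
    {
    }
}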
129
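app:
    resource: '@AppBundle/Controller/'
    type: annotation

fos_oauth_server_token:
    resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml"

fos_oauth_server_authorize:
    resource: "@FOSOAuthServerBundle/Resources/config/routing/authorize.xml"

# Login form rendered for the oauth_authorize firewall (its login_path).
acme_oauth_server_auth_login:
    path: /oauth/v2/auth_login
    defaults: { _controller: AppBundle:Security:login }

# check_path of the oauth_authorize firewall: the form_login listener handles
# the POST before the controller runs, so loginCheck only needs to exist as a
# route target.
acme_oauth_server_auth_login_check:
    path: /oauth/v2/auth_login_check
    defaults: { _controller: AppBundle:Security:loginCheck }

# Covered by the `api` firewall (fos_oauth, stateless) and the ^/api access rule.
user:
    path: /api/user
    defaults: { _controller: AppBundle:Api:user }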
151# Security
152logout:
153 path: /logout