I am trying to create a custom bundle that is using a special authentication service. This bundle will be used by all of our projects.
I want to make it so it is needed a little configuration to use it.
My problem appears when i'm trying to add a security config inside my package like so:
# security.yml
security:
providers:
specialauth:
id: AuthBundle\Security\SpecialAuthProvider
firewalls:
main:
logout:
path: '/logout'
When I do this inside my bundle I get this error:
Looked for namespace "security", found none
If I move this security configuration inside my app/config it works ok but I want this config to stay in the AuthBundle so the developers don't have to configure much stuff for every project.
Is this a restriction from symfony not allowing security configs from external bundles or what can the problem be?
You can import your security.yml inside the security file of the project:
app/config/security.yml :
imports:
- { resource: '#AuthBundle/Resources/config/security.yml' }
Related
I have a controller, where I use the #IsGranted(IS_AUTHENTICATED_ANONYMOUSLY) annotation to allow all users to access, and I also have a security.yaml.
But I the annotation does not seem to work.
Controller
/**
* #Route("/example",name="app_example")
* #IsGranted("IS_AUTHENTICATED_ANONYMOUSLY")
*/
public function example(): RedirectResponse
{
/// omit
}
security.yaml
access_control:
- { path: ^/, roles: ROLE_ADMIN }
When I access /example, I'm requested to login.
I know I can manage by moving IS_AUTHENTICATED_ANONYMOUSLY to security.yaml but I want to know the way to use annotation.
The #IsGranted() (from SensioFrameworkExtraBundle) is checked on an event that comes after Symfony Security access control.
Since you have contradictory configurations (your main security configuration demands authentication on all routes, and your the annotation on your controller simply says "no authentication on this route"), the main security configuration "wins".
If you want to have security configuration both in the configuration file and as annotations, the configuration shouldn't overlap and contradict each other.
If they conflict, for the #IsGranted() annotations to work they can be more restrictive than the main security configuration, but not more open.
I'm working on a Symfony 4 projet and I have read Symfony documentation about autowiring
My problem is not really about autowiring but importted files.
This Symfony documentation says that you can import your services in many files.
In my project, I have the service.yaml in the config folder which import all services in services folder
imports:
- { resource: './services/admin.yaml'}
- { resource: './services/front.yaml'}
- { resource: './services/core.yaml' }
services:
_defaults:
autowire: true
autoconfigure: true
So i need to override a service autowiring because it has two strings in constructor and I need to wire those arguments manually
extranet.form.data_subscriber.remove_empty_reference_fields:
class: Extranet\Admin\Form\DataSubscriber\RemoveEmptyFieldsSubscriber
arguments:
$collectionName: references
$childName: name
Extranet\Admin\Form\DataSubscriber\RemoveEmptyFieldsSubscriber: '#extranet.form.data_subscriber.remove_empty_reference_fields'
Extranet\Admin\Form\DataSubscriber\RemoveEmptyFieldsSubscriberInterface: '#Extranet\Admin\Form\DataSubscriber\RemoveEmptyFieldsSubscriber'
But now if I put this service directly in my services.yaml at the end of file it works.
My question is, how I can override autowiring with services not configured directly in the services.yaml
Let me know if you can help me, thanks
EDIT
I already tried to put the imports part at the end of services.yaml file
I'm updating a project built with Symfony2.7 to Symfony4, everything is working fine and have good compatibility, but one thing that should be fine, a built-in resource, the security layer, doesn't work as expected.
The problem I'm facing is that I can't logout users anymore. I followed the steps on the guide but nothing changed.
Below is the security config:
#config/packages/security.yaml
security:
encoders:
App\Entity\Clients:
algorithm: bcrypt
providers:
app_user_provider:
entity:
class: App\Entity\Clients
firewalls:
app:
pattern: ^/
anonymous: ~
provider: app_user_provider
remember_me:
secret: "%kernel.secret%"
form_login:
use_referer: true
login_path: login
check_path: login_check
always_use_default_target_path: false
default_target_path: dashboard
csrf_token_generator: security.csrf.token_manager
logout:
path: logout
target: home
invalidate_session: false
The paths I'm using are route names, but also tried the path itself.
I can normally login any user, but when I hit the logout route, I'm just redirected to home route, but the user is still authenticated.
Tried to set a custom handler logout like:
logout:
handlers: [logout_handler]
It references to a service implementing Symfony\Component\Security\Http\Logout\LogoutHandlerInterface, but it didn't even call the handler.
It would be great if I could only use the default handler, and it's necessary to maintain the "remember_me" behavior, which was also working fine in 2.7.
Could anyone help me with that?
EDIT: My config routes.yaml is empty, 'cause I'm using annotation routes, the config/packages/routing.yaml is as follows:
framework:
router:
strict_requirements: ~
Just like when initialized with the composer create-project command.
And for the annotations config I have the file config/routes/annotations.yaml:
controllers:
resource: ../../src/Controller/
type: annotation
Again, it's the config the recipe created by itself.
You need remove logout action in your controller,
next add route to config/routes.yaml.
More info here.
https://symfony.com/doc/current/security.html#logging-out
I achieved the result of logging out by removing the REMEMBERME cookie with a **LogoutSuccessHandler* (reference).
I think of this as being an ugly workaround, but the result was satisfactory, as everything worked fine. But still don't know why it didn't worked automatically with the configs, also why I couldn't use a custom logout handler. If anyone comes up with better answer, I can mark it as the accepted answer.
If you follow the instructions at Symfony Security Logging Out, make sure you use the proper route name to get to /logout. I had to use 'app_logout' to actually get it to logout and I was not able to change that path name in the Security.yaml file without also modifying the controller annotations (see below). No controller needed. No custom handler needed (thank god).
After you configure logout, try running php bin/console debug:router to check the actual route to /logout.
The logout part of my Security.yaml looked like this:
logout:
path: app_logout
# where to redirect after logout
target: front
Based on instructions, I added an empty controller (if you want custom path names, you'll have to change the path names here plus add the change to Security.yaml):
<?php
//App/Controller/SecurityController.php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
class SecurityController extends AbstractController
{
/**
* #Route("/logout", name="app_logout")
*/
public function logout()
{
throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
}
}
My call looked like this:
<a class="nav-link" href="{{ path('app_logout') }}">Logout</a>
I have the following ACL settings in my secirity.yml file
fos_user_resetting:
path: /backend/request
roles: [IS_AUTHENTICATED_ANONYMOUSLY]
super_admin_pages:
path: /backend/.*
roles: [ROLE_SUPER,ROLE_USERS]
Also i found setting access permission using #secirity tag in the routing annotation.
My question is, is it possible to add security (access permission according to roles like in secirity.yml) for each path in routing.yml file
Nope, there is no such argument for securing routes directly in your routing file. The common part between ACL and routing are paths.
See all the details in the Security chapter of Symfony doc.
When using app_dev.php, there are some useful url for me to debug project. Such as
check_debug:
pattern: /check_url1
defaults: {....}
check_debug_and_prod:
pattern: /check_url2
defaults: {....}
check_prod:
pattern: /check_url3
defaults: {....}
I want to disable 'check_debug' when I using app.php(prod env), and disable 'check_prod' when I using app_dev.php(dev env), and keep 'check_debug_and_prod' both when using app.php or app_dev.php.
How to config in SF2?
You can have multiple routing.yml files for different environments. E. g. app/config/routing.yml, app/config/routing_dev.yml
You can have different routing files for different environments:
Create src/AAA/Bundle/CCBundle/Resource/config/routing.yml
Create src/AAA/Bundle/CCBundle/Resource/config/routing_dev.yml
Include src/AAA/Bundle/CCBundle/Resource/config/routing.yml in app/config/routing.yml
Include src/AAA/Bundle/CCBundle/Resource/config/routing_dev.yml in app/config/routing_dev.yml
You can use the routing_dev.yml to add routes you only want in the dev mode. When you will use app.php it will only check for routing.yml and this way you will not have to be preoccupied by the unwanted routes.
You can also create your own routing files. See how Sf2 handles to import inside yml files.