The start of something beautiful
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\DataCollector\SecurityDataCollector;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('data_collector.security', SecurityDataCollector::class)
|
||||
->args([
|
||||
service('security.untracked_token_storage'),
|
||||
service('security.role_hierarchy'),
|
||||
service('security.logout_url_generator'),
|
||||
service('security.access.decision_manager'),
|
||||
service('security.firewall.map'),
|
||||
service('debug.security.firewall')->nullOnInvalid(),
|
||||
])
|
||||
->tag('data_collector', [
|
||||
'template' => '@Security/Collector/security.html.twig',
|
||||
'id' => 'security',
|
||||
'priority' => 270,
|
||||
])
|
||||
;
|
||||
};
|
||||
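Review bot: The first argument of `data_collector.security` is `security.untracked_token_storage` rather than `security.token_storage`, and nothing in the file says why. Presumably this keeps the profiler's read of the token from being recorded by the usage-tracking wrapper that the services file in this commit puts in front of it. If that is the intent, a comment above the argument such as `// untracked storage: profiling must not count as token usage` would stop a later "cleanup" from swapping it. `service('debug.security.firewall')->nullOnInvalid()` deserves the same treatment, noting that the collector has to cope with a null firewall when the debug service is not registered.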
@@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Component\PasswordHasher\Command\UserPasswordHashCommand;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.command.user_password_hash', UserPasswordHashCommand::class)
|
||||
->args([
|
||||
service('security.password_hasher_factory'),
|
||||
abstract_arg('list of user classes'),
|
||||
])
|
||||
->tag('console.command')
|
||||
;
|
||||
};
|
||||
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\Command\DebugFirewallCommand;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.command.debug_firewall', DebugFirewallCommand::class)
|
||||
->args([
|
||||
param('security.firewalls'),
|
||||
service('security.firewall.context_locator'),
|
||||
tagged_locator('event_dispatcher.dispatcher', 'name'),
|
||||
[],
|
||||
false,
|
||||
])
|
||||
->tag('console.command', ['command' => 'debug:firewall'])
|
||||
;
|
||||
};
|
||||
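Review bot: The last two arguments of `security.command.debug_firewall`, the bare `[]` and `false`, give no hint of what they stand for or whether they are final values or placeholders that another part of the bundle overwrites. The user-password-hash command in this commit uses `abstract_arg('list of user classes')` for its placeholder, which documents itself and fails at container compile time if it is never replaced. Here, and for `->args([[]])` on `security.password_hasher_factory`, add at least a trailing comment per argument, e.g. `[], // authenticators per firewall, presumably injected by the extension`, with the wording checked against the constructors. For the hasher factory the distinction matters more, because an empty map left in place would leave the factory with no hashers configured and the file gives no sign of whether that is intended.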
@@ -0,0 +1,53 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Component\Form\Extension\Core\Type\FormType;
|
||||
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
|
||||
use Symfony\Component\Form\Extension\PasswordHasher\EventListener\PasswordHasherListener;
|
||||
use Symfony\Component\Form\Extension\PasswordHasher\Type\FormTypePasswordHasherExtension;
|
||||
use Symfony\Component\Form\Extension\PasswordHasher\Type\PasswordTypePasswordHasherExtension;
|
||||
use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactory;
|
||||
use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.password_hasher_factory', PasswordHasherFactory::class)
|
||||
->args([[]])
|
||||
->alias(PasswordHasherFactoryInterface::class, 'security.password_hasher_factory')
|
||||
|
||||
->set('security.user_password_hasher', UserPasswordHasher::class)
|
||||
->args([service('security.password_hasher_factory')])
|
||||
->alias('security.password_hasher', 'security.user_password_hasher')
|
||||
->alias(UserPasswordHasherInterface::class, 'security.password_hasher')
|
||||
|
||||
->set('form.listener.password_hasher', PasswordHasherListener::class)
|
||||
->args([
|
||||
service('security.password_hasher'),
|
||||
service('property_accessor')->nullOnInvalid(),
|
||||
])
|
||||
|
||||
->set('form.type_extension.form.password_hasher', FormTypePasswordHasherExtension::class)
|
||||
->args([
|
||||
service('form.listener.password_hasher'),
|
||||
])
|
||||
->tag('form.type_extension', ['extended-type' => FormType::class])
|
||||
|
||||
->set('form.type_extension.password.password_hasher', PasswordTypePasswordHasherExtension::class)
|
||||
->args([
|
||||
service('form.listener.password_hasher'),
|
||||
])
|
||||
->tag('form.type_extension', ['extended-type' => PasswordType::class])
|
||||
;
|
||||
};
|
||||
@@ -0,0 +1,468 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<xsd:schema xmlns="http://symfony.com/schema/dic/security"
|
||||
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||
targetNamespace="http://symfony.com/schema/dic/security"
|
||||
elementFormDefault="qualified">
|
||||
|
||||
<xsd:element name="config" type="config" />
|
||||
|
||||
<xsd:complexType name="config">
|
||||
<xsd:choice maxOccurs="unbounded">
|
||||
<xsd:element name="access-decision-manager" type="access_decision_manager" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="password_hashers" type="password_hashers" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="password_hasher" type="password_hasher" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="providers" type="providers" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="provider" type="provider" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="firewalls" type="firewalls" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="firewall" type="firewall" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="rule" type="rule" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="role" type="role" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="access-denied-url" type="xsd:string" />
|
||||
<xsd:attribute name="session-fixation-strategy" type="session_fixation_strategy" />
|
||||
<xsd:attribute name="hide-user-not-found" type="xsd:boolean" />
|
||||
<xsd:attribute name="always-authenticate-before-granting" type="xsd:boolean" />
|
||||
<xsd:attribute name="erase-credentials" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="password_hashers">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="password_hasher" type="password_hasher" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="providers">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="provider" type="provider" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="firewalls">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="firewall" type="firewall" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="session_fixation_strategy">
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="none" />
|
||||
<xsd:enumeration value="migrate" />
|
||||
<xsd:enumeration value="invalidate" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:complexType name="access_decision_manager">
|
||||
<xsd:attribute name="strategy" type="access_decision_manager_strategy" />
|
||||
<xsd:attribute name="service" type="xsd:string" />
|
||||
<xsd:attribute name="strategy-service" type="xsd:string" />
|
||||
<xsd:attribute name="allow-if-all-abstain" type="xsd:boolean" />
|
||||
<xsd:attribute name="allow-if-equal-granted-denied" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="access_decision_manager_strategy">
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="affirmative" />
|
||||
<xsd:enumeration value="consensus" />
|
||||
<xsd:enumeration value="unanimous" />
|
||||
<xsd:enumeration value="priority" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:complexType name="password_hasher">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="migrate-from" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="class" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="algorithm" type="xsd:string" />
|
||||
<xsd:attribute name="hash-algorithm" type="xsd:string" />
|
||||
<xsd:attribute name="key-length" type="xsd:string" />
|
||||
<xsd:attribute name="ignore-case" type="xsd:boolean" />
|
||||
<xsd:attribute name="encode-as-base64" type="xsd:boolean" />
|
||||
<xsd:attribute name="iterations" type="xsd:string" />
|
||||
<xsd:attribute name="cost" type="xsd:integer" />
|
||||
<xsd:attribute name="memory-cost" type="xsd:string" />
|
||||
<xsd:attribute name="time-cost" type="xsd:string" />
|
||||
<xsd:attribute name="id" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="provider">
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="chain" type="chain" />
|
||||
<xsd:element name="memory" type="memory" />
|
||||
<xsd:element name="ldap" type="ldap" />
|
||||
<!-- allow factories to use dynamic elements -->
|
||||
<xsd:any processContents="lax" namespace="##other" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="id" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="chain">
|
||||
<xsd:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="provider" type="xsd:string" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="providers" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="memory">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="user" type="user" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="user">
|
||||
<xsd:attribute name="identifier" type="xsd:string" />
|
||||
<xsd:attribute name="password" type="xsd:string" />
|
||||
<xsd:attribute name="roles" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="ldap">
|
||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="extra-field" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="default-role" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="service" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="base-dn" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="search-dn" type="xsd:string" />
|
||||
<xsd:attribute name="search-password" type="xsd:string" />
|
||||
<xsd:attribute name="uid-key" type="xsd:string" />
|
||||
<xsd:attribute name="filter" type="xsd:string" />
|
||||
<xsd:attribute name="password-attribute" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="firewall">
|
||||
<xsd:choice maxOccurs="unbounded">
|
||||
<xsd:element name="logout" type="logout" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="switch-user" type="switch_user" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="anonymous" type="anonymous" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="form-login" type="form_login" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="form-login-ldap" type="form_login_ldap" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="guard" type="guard" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="access-token" type="access_token" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="http-basic" type="http_basic" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="http-basic-ldap" type="http_basic_ldap" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="json-login" type="json_login" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="json-login-ldap" type="json_login_ldap" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="login-link" type="login_link" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="login-throttling" type="login_throttling" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="remember-me" type="remember_me" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="remote-user" type="remote_user" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="x509" type="x509" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="required-badge" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
<!-- allow factories to use dynamic elements -->
|
||||
<xsd:any processContents="lax" minOccurs="0" maxOccurs="unbounded" namespace="##other" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="pattern" type="xsd:string" />
|
||||
<xsd:attribute name="host" type="xsd:string" />
|
||||
<xsd:attribute name="methods" type="xsd:string" />
|
||||
<xsd:attribute name="security" type="xsd:boolean" />
|
||||
<xsd:attribute name="user-checker" type="xsd:string" />
|
||||
<xsd:attribute name="request-matcher" type="xsd:string" />
|
||||
<xsd:attribute name="access-denied-url" type="xsd:string" />
|
||||
<xsd:attribute name="access-denied-handler" type="xsd:string" />
|
||||
<xsd:attribute name="entry-point" type="xsd:string" />
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="stateless" type="xsd:boolean" />
|
||||
<xsd:attribute name="context" type="xsd:string" />
|
||||
<xsd:attribute name="lazy" type="xsd:boolean" />
|
||||
<!-- allow factories to use dynamic elements -->
|
||||
<xsd:anyAttribute processContents="lax" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="logout">
|
||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="delete-cookie" type="delete_cookie" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="clear-site-data" type="clear_site_data" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="csrf-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="csrf-token-manager" type="xsd:string" />
|
||||
<xsd:attribute name="csrf-token-id" type="xsd:string" />
|
||||
<xsd:attribute name="enable-csrf" type="xsd:boolean" />
|
||||
<xsd:attribute name="path" type="xsd:string" />
|
||||
<xsd:attribute name="target" type="xsd:string" />
|
||||
<xsd:attribute name="invalidate-session" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="delete_cookie">
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="path" type="xsd:string" />
|
||||
<xsd:attribute name="domain" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="switch_user">
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="parameter" type="xsd:string" />
|
||||
<xsd:attribute name="role" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="anonymous">
|
||||
<xsd:attribute name="lazy" type="xsd:boolean" />
|
||||
<xsd:attribute name="secret" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="factory" abstract="true">
|
||||
<xsd:attribute name="check-path" type="xsd:string" />
|
||||
<xsd:attribute name="use-forward" type="xsd:boolean" />
|
||||
<xsd:attribute name="require-previous-session" type="xsd:boolean" />
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:attributeGroup name="success-handler-options">
|
||||
<xsd:attribute name="always-use-default-target-path" type="xsd:boolean" />
|
||||
<xsd:attribute name="default-target-path" type="xsd:string" />
|
||||
<xsd:attribute name="target-path-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="use-referer" type="xsd:boolean" />
|
||||
</xsd:attributeGroup>
|
||||
|
||||
<xsd:attributeGroup name="failure-handler-options">
|
||||
<xsd:attribute name="failure-path" type="xsd:string" />
|
||||
<xsd:attribute name="failure-forward" type="xsd:boolean" />
|
||||
<xsd:attribute name="failure-path-parameter" type="xsd:string" />
|
||||
</xsd:attributeGroup>
|
||||
|
||||
<xsd:attributeGroup name="ldap-factory">
|
||||
<xsd:attribute name="service" type="xsd:string" />
|
||||
<xsd:attribute name="dn-string" type="xsd:string" />
|
||||
<xsd:attribute name="query-string" type="xsd:string" />
|
||||
<xsd:attribute name="search-dn" type="xsd:string" />
|
||||
<xsd:attribute name="search-password" type="xsd:string" />
|
||||
</xsd:attributeGroup>
|
||||
|
||||
<xsd:complexType name="form_login">
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="factory">
|
||||
<xsd:attribute name="login-path" type="xsd:string" />
|
||||
<xsd:attribute name="username-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="password-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="csrf-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="csrf-token-id" type="xsd:string" />
|
||||
<xsd:attribute name="post-only" type="xsd:boolean" />
|
||||
<xsd:attribute name="csrf-token-generator" type="xsd:string" />
|
||||
<xsd:attribute name="enable-csrf" type="xsd:boolean" />
|
||||
<xsd:attributeGroup ref="success-handler-options" />
|
||||
<xsd:attributeGroup ref="failure-handler-options" />
|
||||
</xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="form_login_ldap">
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="form_login">
|
||||
<xsd:attributeGroup ref="ldap-factory" />
|
||||
</xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="guard">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="authenticator" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="entry-point" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="http_basic">
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="realm" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="http_basic_ldap">
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="http_basic">
|
||||
<xsd:attributeGroup ref="ldap-factory" />
|
||||
</xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="json_login">
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="factory">
|
||||
<xsd:attribute name="username-path" type="xsd:string" />
|
||||
<xsd:attribute name="password-path" type="xsd:string" />
|
||||
</xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="json_login_ldap">
|
||||
<xsd:complexContent>
|
||||
<xsd:extension base="json_login">
|
||||
<xsd:attributeGroup ref="ldap-factory" />
|
||||
</xsd:extension>
|
||||
</xsd:complexContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="login_link">
|
||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="signature-property" type="xsd:string" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="check-route" type="xsd:string" />
|
||||
<xsd:attribute name="check-post-only" type="xsd:boolean" />
|
||||
<xsd:attribute name="lifetime" type="xsd:integer" />
|
||||
<xsd:attribute name="max-uses" type="xsd:integer" />
|
||||
<xsd:attribute name="used-link-cache" type="xsd:string" />
|
||||
<xsd:attribute name="success-handler" type="xsd:string" />
|
||||
<xsd:attribute name="failure-handler" type="xsd:string" />
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="access_token">
|
||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="token-extractor" type="xsd:string" />
|
||||
<xsd:element name="token-handler" type="oidc_token_handler" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="token-handler" type="xsd:string" />
|
||||
<xsd:attribute name="realm" type="xsd:string" />
|
||||
<xsd:attribute name="success-handler" type="xsd:string" />
|
||||
<xsd:attribute name="failure-handler" type="xsd:string" />
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="oidc_token_handler">
|
||||
<xsd:sequence>
|
||||
<xsd:choice minOccurs="0" maxOccurs="1">
|
||||
<xsd:element name="oidc-user-info" type="oidc_user_info"></xsd:element>
|
||||
<xsd:element name="oidc" type="oidc"></xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="oidc-user-info" type="xsd:anyURI"></xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="oidc_user_info">
|
||||
<xsd:attribute name="base-uri" type="xsd:anyURI" use="required" />
|
||||
<xsd:attribute name="claim" type="xsd:string" />
|
||||
<xsd:attribute name="client" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="oidc">
|
||||
<xsd:choice maxOccurs="unbounded">
|
||||
<xsd:element name="issuers" type="oidc_issuers" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="issuer" type="password_hasher" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="claim" type="xsd:string" />
|
||||
<xsd:attribute name="audience" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="algorithm" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="key" type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="oidc_issuers">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="issuer" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
|
||||
</xsd:sequence>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="login_throttling">
|
||||
<xsd:attribute name="limiter" type="xsd:string" />
|
||||
<xsd:attribute name="max-attempts" type="xsd:integer" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="remember_me">
|
||||
<xsd:sequence minOccurs="0">
|
||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xsd:element name="user-provider" type="xsd:string" />
|
||||
</xsd:choice>
|
||||
<xsd:element name="token-provider" type="remember_me_token_provider" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" type="xsd:string" />
|
||||
<xsd:attribute name="lifetime" type="xsd:integer" />
|
||||
<xsd:attribute name="path" type="xsd:string" />
|
||||
<xsd:attribute name="domain" type="xsd:string" />
|
||||
<xsd:attribute name="http-only" type="xsd:boolean" />
|
||||
<xsd:attribute name="always-remember-me" type="xsd:boolean" />
|
||||
<xsd:attribute name="remember-me-parameter" type="xsd:string" />
|
||||
<xsd:attribute name="secret" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="service" type="xsd:string" />
|
||||
<xsd:attribute name="token-provider" type="xsd:string" />
|
||||
<xsd:attribute name="token-verifier" type="xsd:string" />
|
||||
<xsd:attribute name="catch-exceptions" type="xsd:boolean" />
|
||||
<xsd:attribute name="secure" type="remember_me_secure" />
|
||||
<xsd:attribute name="samesite" type="remember_me_samesite" />
|
||||
<xsd:attribute name="partitioned" type="xsd:boolean" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="remember_me_token_provider">
|
||||
<xsd:sequence>
|
||||
<xsd:element name="doctrine" type="remember_me_token_provider_doctrine" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="service" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="remember_me_token_provider_doctrine">
|
||||
<xsd:attribute name="enabled" type="xsd:boolean" />
|
||||
<xsd:attribute name="connection" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="remember_me_secure">
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="true" />
|
||||
<xsd:enumeration value="false" />
|
||||
<xsd:enumeration value="auto" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:simpleType name="remember_me_samesite">
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="null" />
|
||||
<xsd:enumeration value="lax" />
|
||||
<xsd:enumeration value="strict" />
|
||||
<xsd:enumeration value="none" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
<xsd:complexType name="remote_user">
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="user" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="x509">
|
||||
<xsd:attribute name="provider" type="xsd:string" />
|
||||
<xsd:attribute name="user" type="xsd:string" />
|
||||
<xsd:attribute name="credentials" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="rule">
|
||||
<xsd:choice>
|
||||
<xsd:element name="ip" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="method" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="role" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xsd:element name="allow-if" type="xsd:string" minOccurs="0" maxOccurs="1" />
|
||||
<xsd:element name="attribute" type="rule_attribute" minOccurs="0" maxOccurs="1" />
|
||||
</xsd:choice>
|
||||
<xsd:attribute name="requires-channel" type="xsd:string" />
|
||||
<xsd:attribute name="path" type="xsd:string" />
|
||||
<xsd:attribute name="host" type="xsd:string" />
|
||||
<xsd:attribute name="port" type="xsd:integer" />
|
||||
<xsd:attribute name="role" type="xsd:string" />
|
||||
<xsd:attribute name="methods" type="xsd:string" />
|
||||
<xsd:attribute name="allow-if" type="xsd:string" />
|
||||
<xsd:attribute name="route" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="role">
|
||||
<xsd:simpleContent>
|
||||
<xsd:extension base="xsd:string">
|
||||
<xsd:attribute name="id" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="value" type="xsd:string" />
|
||||
</xsd:extension>
|
||||
</xsd:simpleContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="rule_attribute">
|
||||
<xsd:simpleContent>
|
||||
<xsd:extension base="xsd:string">
|
||||
<xsd:attribute name="key" type="xsd:string" use="required" />
|
||||
</xsd:extension>
|
||||
</xsd:simpleContent>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:simpleType name="clear_site_data">
|
||||
<xsd:restriction base="xsd:string">
|
||||
<xsd:enumeration value="*" />
|
||||
<xsd:enumeration value="cache" />
|
||||
<xsd:enumeration value="cookies" />
|
||||
<xsd:enumeration value="storage" />
|
||||
<xsd:enumeration value="executionContexts" />
|
||||
</xsd:restriction>
|
||||
</xsd:simpleType>
|
||||
|
||||
</xsd:schema>
|
||||
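Review bot: In the `oidc` complex type the `issuer` element is declared with `type="password_hasher"`, which looks like a copy-paste slip. That type requires a `class` attribute and only allows `migrate-from` children, so a plain `<issuer>` entry holding text would not validate as written. `oidc_issuers` declares the same element as `xsd:string`, so the line should read `<xsd:element name="issuer" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />`. The issuer list presumably restricts which token issuers are accepted, so the XML form of this option is worth covering with a fixture that is validated against the schema.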
@@ -0,0 +1,317 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
|
||||
use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
|
||||
use Symfony\Bundle\SecurityBundle\Routing\LogoutRouteLoader;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
|
||||
use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
|
||||
use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
|
||||
use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
|
||||
use Symfony\Component\DependencyInjection\ServiceLocator;
|
||||
use Symfony\Component\ExpressionLanguage\ExpressionLanguage as BaseExpressionLanguage;
|
||||
use Symfony\Component\Ldap\Security\LdapUserProvider;
|
||||
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
|
||||
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
|
||||
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
|
||||
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
|
||||
use Symfony\Component\Security\Core\Role\RoleHierarchy;
|
||||
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
||||
use Symfony\Component\Security\Core\User\ChainUserProvider;
|
||||
use Symfony\Component\Security\Core\User\InMemoryUserChecker;
|
||||
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
|
||||
use Symfony\Component\Security\Core\User\MissingUserProvider;
|
||||
use Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
||||
use Symfony\Component\Security\Http\Controller\SecurityTokenValueResolver;
|
||||
use Symfony\Component\Security\Http\Controller\UserValueResolver;
|
||||
use Symfony\Component\Security\Http\EventListener\IsGrantedAttributeListener;
|
||||
use Symfony\Component\Security\Http\Firewall;
|
||||
use Symfony\Component\Security\Http\FirewallMapInterface;
|
||||
use Symfony\Component\Security\Http\HttpUtils;
|
||||
use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
|
||||
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
|
||||
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
|
||||
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->parameters()
|
||||
->set('security.role_hierarchy.roles', [])
|
||||
;
|
||||
|
||||
$container->services()
|
||||
->set('security.authorization_checker', AuthorizationChecker::class)
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.access.decision_manager'),
|
||||
])
|
||||
->alias(AuthorizationCheckerInterface::class, 'security.authorization_checker')
|
||||
|
||||
->set('security.token_storage', UsageTrackingTokenStorage::class)
|
||||
->args([
|
||||
service('security.untracked_token_storage'),
|
||||
service_locator([
|
||||
'request_stack' => service('request_stack'),
|
||||
]),
|
||||
])
|
||||
->tag('kernel.reset', ['method' => 'disableUsageTracking'])
|
||||
->tag('kernel.reset', ['method' => 'setToken'])
|
||||
->alias(TokenStorageInterface::class, 'security.token_storage')
|
||||
|
||||
->set('security.untracked_token_storage', TokenStorage::class)
|
||||
|
||||
->set('security.helper', Security::class)
|
||||
->args([
|
||||
service_locator([
|
||||
'security.token_storage' => service('security.token_storage'),
|
||||
'security.authorization_checker' => service('security.authorization_checker'),
|
||||
'security.authenticator.managers_locator' => service('security.authenticator.managers_locator')->ignoreOnInvalid(),
|
||||
'request_stack' => service('request_stack'),
|
||||
'security.firewall.map' => service('security.firewall.map'),
|
||||
'security.user_checker_locator' => service('security.user_checker_locator'),
|
||||
'security.firewall.event_dispatcher_locator' => service('security.firewall.event_dispatcher_locator'),
|
||||
'security.csrf.token_manager' => service('security.csrf.token_manager')->ignoreOnInvalid(),
|
||||
]),
|
||||
abstract_arg('authenticators'),
|
||||
])
|
||||
->alias(Security::class, 'security.helper')
|
||||
|
||||
->set('security.user_value_resolver', UserValueResolver::class)
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
])
|
||||
->tag('controller.argument_value_resolver', ['priority' => 120, 'name' => UserValueResolver::class])
|
||||
|
||||
->set('security.security_token_value_resolver', SecurityTokenValueResolver::class)
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
])
|
||||
->tag('controller.argument_value_resolver', ['priority' => 120, 'name' => SecurityTokenValueResolver::class])
|
||||
|
||||
// Authentication related services
|
||||
->set('security.authentication.trust_resolver', AuthenticationTrustResolver::class)
|
||||
|
||||
->set('security.authentication.session_strategy', SessionAuthenticationStrategy::class)
|
||||
->args([
|
||||
param('security.authentication.session_strategy.strategy'),
|
||||
service('security.csrf.token_storage')->ignoreOnInvalid(),
|
||||
])
|
||||
->alias(SessionAuthenticationStrategyInterface::class, 'security.authentication.session_strategy')
|
||||
|
||||
->set('security.authentication.session_strategy_noop', SessionAuthenticationStrategy::class)
|
||||
->args(['none'])
|
||||
|
||||
->set('security.user_checker', InMemoryUserChecker::class)
|
||||
->set('security.user_checker_locator', ServiceLocator::class)
|
||||
->args([[]])
|
||||
|
||||
->set('security.expression_language', ExpressionLanguage::class)
|
||||
->args([service('cache.security_expression_language')->nullOnInvalid()])
|
||||
|
||||
->set('security.authentication_utils', AuthenticationUtils::class)
|
||||
->args([service('request_stack')])
|
||||
->alias(AuthenticationUtils::class, 'security.authentication_utils')
|
||||
|
||||
// Authorization related services
|
||||
->set('security.access.decision_manager', AccessDecisionManager::class)
|
||||
->args([[]])
|
||||
->alias(AccessDecisionManagerInterface::class, 'security.access.decision_manager')
|
||||
|
||||
->set('security.role_hierarchy', RoleHierarchy::class)
|
||||
->args([param('security.role_hierarchy.roles')])
|
||||
->alias(RoleHierarchyInterface::class, 'security.role_hierarchy')
|
||||
|
||||
// Security Voters
|
||||
->set('security.access.simple_role_voter', RoleVoter::class)
|
||||
->tag('security.voter', ['priority' => 245])
|
||||
|
||||
->set('security.access.authenticated_voter', AuthenticatedVoter::class)
|
||||
->args([service('security.authentication.trust_resolver')])
|
||||
->tag('security.voter', ['priority' => 250])
|
||||
|
||||
->set('security.access.role_hierarchy_voter', RoleHierarchyVoter::class)
|
||||
->args([service('security.role_hierarchy')])
|
||||
->tag('security.voter', ['priority' => 245])
|
||||
|
||||
->set('security.access.expression_voter', ExpressionVoter::class)
|
||||
->args([
|
||||
service('security.expression_language'),
|
||||
service('security.authentication.trust_resolver'),
|
||||
service('security.authorization_checker'),
|
||||
service('security.role_hierarchy')->nullOnInvalid(),
|
||||
])
|
||||
->tag('security.voter', ['priority' => 245])
|
||||
|
||||
->set('security.impersonate_url_generator', ImpersonateUrlGenerator::class)
|
||||
->args([
|
||||
service('request_stack'),
|
||||
service('security.firewall.map'),
|
||||
service('security.token_storage'),
|
||||
])
|
||||
|
||||
// Firewall related services
|
||||
->set('security.firewall', FirewallListener::class)
|
||||
->args([
|
||||
service('security.firewall.map'),
|
||||
service('event_dispatcher'),
|
||||
service('security.logout_url_generator'),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
->alias(Firewall::class, 'security.firewall')
|
||||
|
||||
->set('security.firewall.map', FirewallMap::class)
|
||||
->args([
|
||||
abstract_arg('Firewall context locator'),
|
||||
abstract_arg('Request matchers'),
|
||||
])
|
||||
->alias(FirewallMapInterface::class, 'security.firewall.map')
|
||||
|
||||
->set('security.firewall.context', FirewallContext::class)
|
||||
->abstract()
|
||||
->args([
|
||||
[],
|
||||
service('security.exception_listener'),
|
||||
abstract_arg('LogoutListener'),
|
||||
abstract_arg('FirewallConfig'),
|
||||
])
|
||||
|
||||
->set('security.firewall.lazy_context', LazyFirewallContext::class)
|
||||
->abstract()
|
||||
->args([
|
||||
[],
|
||||
service('security.exception_listener'),
|
||||
abstract_arg('LogoutListener'),
|
||||
abstract_arg('FirewallConfig'),
|
||||
service('security.untracked_token_storage'),
|
||||
])
|
||||
|
||||
->set('security.firewall.config', FirewallConfig::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('name'),
|
||||
abstract_arg('user_checker'),
|
||||
abstract_arg('request_matcher'),
|
||||
false, // security enabled
|
||||
false, // stateless
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
[], // listeners
|
||||
null, // switch_user
|
||||
null, // logout
|
||||
])
|
||||
|
||||
->set('security.logout_url_generator', LogoutUrlGenerator::class)
|
||||
->args([
|
||||
service('request_stack')->nullOnInvalid(),
|
||||
service('router')->nullOnInvalid(),
|
||||
service('security.token_storage')->nullOnInvalid(),
|
||||
])
|
||||
|
||||
->set('security.route_loader.logout', LogoutRouteLoader::class)
|
||||
->args([
|
||||
'%security.logout_uris%',
|
||||
'security.logout_uris',
|
||||
])
|
||||
->tag('routing.route_loader')
|
||||
|
||||
// Provisioning
|
||||
->set('security.user.provider.missing', MissingUserProvider::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('firewall'),
|
||||
])
|
||||
|
||||
->set('security.user.provider.in_memory', InMemoryUserProvider::class)
|
||||
->abstract()
|
||||
|
||||
->set('security.user.provider.ldap', LdapUserProvider::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('security.ldap.ldap'),
|
||||
abstract_arg('base dn'),
|
||||
abstract_arg('search dn'),
|
||||
abstract_arg('search password'),
|
||||
abstract_arg('default_roles'),
|
||||
abstract_arg('uid key'),
|
||||
abstract_arg('filter'),
|
||||
abstract_arg('password_attribute'),
|
||||
abstract_arg('extra_fields (email etc)'),
|
||||
])
|
||||
|
||||
->set('security.user.provider.chain', ChainUserProvider::class)
|
||||
->abstract()
|
||||
|
||||
->set('security.http_utils', HttpUtils::class)
|
||||
->args([
|
||||
service('router')->nullOnInvalid(),
|
||||
service('router')->nullOnInvalid(),
|
||||
])
|
||||
->alias(HttpUtils::class, 'security.http_utils')
|
||||
|
||||
// Validator
|
||||
->set('security.validator.user_password', UserPasswordValidator::class)
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.password_hasher_factory'),
|
||||
])
|
||||
->tag('validator.constraint_validator', ['alias' => 'security.validator.user_password'])
|
||||
|
||||
// Cache
|
||||
->set('cache.security_expression_language')
|
||||
->parent('cache.system')
|
||||
->private()
|
||||
->tag('cache.pool')
|
||||
|
||||
// Cache Warmers
|
||||
->set('security.cache_warmer.expression', ExpressionCacheWarmer::class)
|
||||
->args([
|
||||
[],
|
||||
service('security.expression_language'),
|
||||
])
|
||||
->tag('kernel.cache_warmer')
|
||||
|
||||
->set('controller.is_granted_attribute_listener', IsGrantedAttributeListener::class)
|
||||
->args([
|
||||
service('security.authorization_checker'),
|
||||
service('security.is_granted_attribute_expression_language')->nullOnInvalid(),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
|
||||
->set('security.is_granted_attribute_expression_language', BaseExpressionLanguage::class)
|
||||
->args([service('cache.security_is_granted_attribute_expression_language')->nullOnInvalid()])
|
||||
|
||||
->set('cache.security_is_granted_attribute_expression_language')
|
||||
->parent('cache.system')
|
||||
->tag('cache.pool')
|
||||
|
||||
->set('security.is_csrf_token_valid_attribute_expression_language', BaseExpressionLanguage::class)
|
||||
->args([service('cache.security_is_csrf_token_valid_attribute_expression_language')->nullOnInvalid()])
|
||||
|
||||
->set('cache.security_is_csrf_token_valid_attribute_expression_language')
|
||||
->parent('cache.system')
|
||||
->tag('cache.pool')
|
||||
;
|
||||
};
|
||||
@@ -0,0 +1,167 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\Security\UserAuthenticator;
|
||||
use Symfony\Component\DependencyInjection\ServiceLocator;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticatorManager;
|
||||
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\RemoteUserAuthenticator;
|
||||
use Symfony\Component\Security\Http\Authenticator\X509Authenticator;
|
||||
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
|
||||
use Symfony\Component\Security\Http\EventListener\CheckCredentialsListener;
|
||||
use Symfony\Component\Security\Http\EventListener\LoginThrottlingListener;
|
||||
use Symfony\Component\Security\Http\EventListener\PasswordMigratingListener;
|
||||
use Symfony\Component\Security\Http\EventListener\SessionStrategyListener;
|
||||
use Symfony\Component\Security\Http\EventListener\UserCheckerListener;
|
||||
use Symfony\Component\Security\Http\EventListener\UserProviderListener;
|
||||
use Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
|
||||
// Manager
|
||||
->set('security.authenticator.manager', AuthenticatorManager::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('authenticators'),
|
||||
service('security.token_storage'),
|
||||
service('event_dispatcher'),
|
||||
abstract_arg('provider key'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
param('security.authentication.manager.erase_credentials'),
|
||||
param('security.authentication.hide_user_not_found'),
|
||||
abstract_arg('required badges'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.managers_locator', ServiceLocator::class)
|
||||
->args([[]])
|
||||
|
||||
->set('security.user_authenticator', UserAuthenticator::class)
|
||||
->args([
|
||||
service('security.firewall.map'),
|
||||
service('security.authenticator.managers_locator'),
|
||||
service('request_stack'),
|
||||
])
|
||||
->alias(UserAuthenticatorInterface::class, 'security.user_authenticator')
|
||||
|
||||
->set('security.firewall.authenticator', AuthenticatorManagerListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('authenticator manager'),
|
||||
])
|
||||
|
||||
// Listeners
|
||||
->set('security.listener.check_authenticator_credentials', CheckCredentialsListener::class)
|
||||
->args([
|
||||
service('security.password_hasher_factory'),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
|
||||
->set('security.listener.user_provider', UserProviderListener::class)
|
||||
->args([
|
||||
service('security.user_providers'),
|
||||
])
|
||||
->tag('kernel.event_listener', ['event' => CheckPassportEvent::class, 'priority' => 1024, 'method' => 'checkPassport'])
|
||||
|
||||
->set('security.listener.user_provider.abstract', UserProviderListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('user provider'),
|
||||
])
|
||||
|
||||
->set('security.listener.password_migrating', PasswordMigratingListener::class)
|
||||
->args([
|
||||
service('security.password_hasher_factory'),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
|
||||
->set('security.listener.user_checker', UserCheckerListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('user checker'),
|
||||
])
|
||||
|
||||
->set('security.listener.session', SessionStrategyListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.authentication.session_strategy'),
|
||||
])
|
||||
|
||||
->set('security.listener.login_throttling', LoginThrottlingListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('request_stack'),
|
||||
abstract_arg('request rate limiter'),
|
||||
])
|
||||
|
||||
// Authenticators
|
||||
->set('security.authenticator.http_basic', HttpBasicAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('realm name'),
|
||||
abstract_arg('user provider'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.form_login', FormLoginAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.http_utils'),
|
||||
abstract_arg('user provider'),
|
||||
abstract_arg('authentication success handler'),
|
||||
abstract_arg('authentication failure handler'),
|
||||
abstract_arg('options'),
|
||||
])
|
||||
|
||||
->set('security.authenticator.json_login', JsonLoginAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.http_utils'),
|
||||
abstract_arg('user provider'),
|
||||
abstract_arg('authentication success handler'),
|
||||
abstract_arg('authentication failure handler'),
|
||||
abstract_arg('options'),
|
||||
service('property_accessor')->nullOnInvalid(),
|
||||
])
|
||||
->call('setTranslator', [service('translator')->ignoreOnInvalid()])
|
||||
|
||||
->set('security.authenticator.x509', X509Authenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('user provider'),
|
||||
service('security.token_storage'),
|
||||
abstract_arg('firewall name'),
|
||||
abstract_arg('user key'),
|
||||
abstract_arg('credentials key'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
abstract_arg('credentials user identifier'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.remote_user', RemoteUserAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('user provider'),
|
||||
service('security.token_storage'),
|
||||
abstract_arg('firewall name'),
|
||||
abstract_arg('user key'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
;
|
||||
};
|
||||
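Review bot: The `'priority' => 1024` on the `kernel.event_listener` tag of `security.listener.user_provider` is an unexplained magic number, and it is the only listener in this file whose ordering is pinned in the service definition. Listener order on `CheckPassportEvent` is security-relevant, since this listener presumably has to run before the ones that load the user or verify credentials. I would add a comment above the tag such as `// high priority: the user provider must be attached to the passport before other CheckPassportEvent listeners run (confirm against UserProviderListener)`. The remaining listeners here are registered with `kernel.event_subscriber`, so their priorities live in the classes and cannot be checked from this file.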
+139
@@ -0,0 +1,139 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Jose\Component\Core\AlgorithmManager;
|
||||
use Jose\Component\Core\AlgorithmManagerFactory;
|
||||
use Jose\Component\Core\JWK;
|
||||
use Jose\Component\Core\JWKSet;
|
||||
use Jose\Component\Signature\Algorithm\ES256;
|
||||
use Jose\Component\Signature\Algorithm\ES384;
|
||||
use Jose\Component\Signature\Algorithm\ES512;
|
||||
use Jose\Component\Signature\Algorithm\PS256;
|
||||
use Jose\Component\Signature\Algorithm\PS384;
|
||||
use Jose\Component\Signature\Algorithm\PS512;
|
||||
use Jose\Component\Signature\Algorithm\RS256;
|
||||
use Jose\Component\Signature\Algorithm\RS384;
|
||||
use Jose\Component\Signature\Algorithm\RS512;
|
||||
use Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor;
|
||||
use Symfony\Component\Security\Http\AccessToken\FormEncodedBodyExtractor;
|
||||
use Symfony\Component\Security\Http\AccessToken\HeaderAccessTokenExtractor;
|
||||
use Symfony\Component\Security\Http\AccessToken\Oidc\OidcTokenHandler;
|
||||
use Symfony\Component\Security\Http\AccessToken\Oidc\OidcUserInfoTokenHandler;
|
||||
use Symfony\Component\Security\Http\AccessToken\QueryAccessTokenExtractor;
|
||||
use Symfony\Component\Security\Http\Authenticator\AccessTokenAuthenticator;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.access_token_extractor.header', HeaderAccessTokenExtractor::class)
|
||||
->set('security.access_token_extractor.query_string', QueryAccessTokenExtractor::class)
|
||||
->set('security.access_token_extractor.request_body', FormEncodedBodyExtractor::class)
|
||||
|
||||
->set('security.authenticator.access_token', AccessTokenAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('access token handler'),
|
||||
abstract_arg('access token extractor'),
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
])
|
||||
|
||||
->set('security.authenticator.access_token.chain_extractor', ChainAccessTokenExtractor::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('access token extractors'),
|
||||
])
|
||||
|
||||
// OIDC
|
||||
->set('security.access_token_handler.oidc_user_info.http_client', HttpClientInterface::class)
|
||||
->abstract()
|
||||
->factory([service('http_client'), 'withOptions'])
|
||||
->args([abstract_arg('http client options')])
|
||||
|
||||
->set('security.access_token_handler.oidc_user_info', OidcUserInfoTokenHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('http client'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
abstract_arg('claim'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc', OidcTokenHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('signature algorithm'),
|
||||
abstract_arg('signature key'),
|
||||
abstract_arg('audience'),
|
||||
abstract_arg('issuers'),
|
||||
'sub',
|
||||
service('logger')->nullOnInvalid(),
|
||||
service('clock'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc.jwk', JWK::class)
|
||||
->abstract()
|
||||
->deprecate('symfony/security-http', '7.1', 'The "%service_id%" service is deprecated. Please use "security.access_token_handler.oidc.jwkset" instead')
|
||||
->factory([JWK::class, 'createFromJson'])
|
||||
->args([
|
||||
abstract_arg('signature key'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc.jwkset', JWKSet::class)
|
||||
->abstract()
|
||||
->factory([JWKSet::class, 'createFromJson'])
|
||||
->args([
|
||||
abstract_arg('signature keyset'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc.algorithm_manager_factory', AlgorithmManagerFactory::class)
|
||||
->args([
|
||||
tagged_iterator('security.access_token_handler.oidc.signature_algorithm'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc.signature', AlgorithmManager::class)
|
||||
->abstract()
|
||||
->factory([service('security.access_token_handler.oidc.algorithm_manager_factory'), 'create'])
|
||||
->args([
|
||||
abstract_arg('signature algorithms'),
|
||||
])
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.ES256', ES256::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.ES384', ES384::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.ES512', ES512::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.RS256', RS256::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.RS384', RS384::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.RS512', RS512::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.PS256', PS256::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.PS384', PS384::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
|
||||
->set('security.access_token_handler.oidc.signature.PS512', PS512::class)
|
||||
->tag('security.access_token_handler.oidc.signature_algorithm')
|
||||
;
|
||||
};
|
||||
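Review bot: `security.access_token_handler.oidc_user_info` and `security.access_token_handler.oidc` both take `service('logger')->nullOnInvalid()` but carry no `monolog.logger` tag, whereas the logger-taking authenticators in the preceding file all add one. Without it, token-validation messages presumably go to the default log channel, where alerting keyed on the `security` channel would not see them. I would add `->tag('monolog.logger', ['channel' => 'security'])` after the `->args([...])` of both definitions. `security.listener.check_remember_me_conditions` in the remember-me file has the same gap.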
+70
@@ -0,0 +1,70 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\LoginLink\FirewallAwareLoginLinkHandler;
|
||||
use Symfony\Component\Security\Core\Signature\ExpiredSignatureStorage;
|
||||
use Symfony\Component\Security\Core\Signature\SignatureHasher;
|
||||
use Symfony\Component\Security\Http\Authenticator\LoginLinkAuthenticator;
|
||||
use Symfony\Component\Security\Http\LoginLink\LoginLinkHandler;
|
||||
use Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.authenticator.login_link', LoginLinkAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('the login link handler instance'),
|
||||
service('security.http_utils'),
|
||||
abstract_arg('authentication success handler'),
|
||||
abstract_arg('authentication failure handler'),
|
||||
abstract_arg('options'),
|
||||
])
|
||||
|
||||
->set('security.authenticator.abstract_login_link_handler', LoginLinkHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('router'),
|
||||
abstract_arg('user provider'),
|
||||
abstract_arg('signature hasher'),
|
||||
abstract_arg('options'),
|
||||
])
|
||||
|
||||
->set('security.authenticator.abstract_login_link_signature_hasher', SignatureHasher::class)
|
||||
->args([
|
||||
service('property_accessor'),
|
||||
abstract_arg('signature properties'),
|
||||
'%kernel.secret%',
|
||||
abstract_arg('expired signature storage'),
|
||||
abstract_arg('max signature uses'),
|
||||
])
|
||||
|
||||
->set('security.authenticator.expired_login_link_storage', ExpiredSignatureStorage::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('cache pool service'),
|
||||
abstract_arg('expired login link storage'),
|
||||
])
|
||||
|
||||
->set('security.authenticator.cache.expired_links')
|
||||
->parent('cache.app')
|
||||
->private()
|
||||
|
||||
->set('security.authenticator.firewall_aware_login_link_handler', FirewallAwareLoginLinkHandler::class)
|
||||
->args([
|
||||
service('security.firewall.map'),
|
||||
tagged_locator('security.authenticator.login_linker', 'firewall'),
|
||||
service('request_stack'),
|
||||
])
|
||||
->alias(LoginLinkHandlerInterface::class, 'security.authenticator.firewall_aware_login_link_handler')
|
||||
;
|
||||
};
|
||||
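Review bot: `security.authenticator.abstract_login_link_signature_hasher` is named as a template and holds three `abstract_arg(...)` placeholders, yet it is not marked `->abstract()`. The neighbouring `abstract_login_link_handler` and `expired_login_link_storage` definitions are. As written, the container treats it as a concrete service, so a misconfiguration would surface only as an unresolved-argument error rather than being rejected as a template. I would add `->abstract()` before its `->args([` for consistency. Whether anything references the ID directly is not visible from this file, so confirm that it is only used as a parent for child definitions.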
+101
@@ -0,0 +1,101 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\RememberMe\FirewallAwareRememberMeHandler;
|
||||
use Symfony\Component\Security\Core\Signature\SignatureHasher;
|
||||
use Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator;
|
||||
use Symfony\Component\Security\Http\EventListener\CheckRememberMeConditionsListener;
|
||||
use Symfony\Component\Security\Http\EventListener\RememberMeListener;
|
||||
use Symfony\Component\Security\Http\RememberMe\PersistentRememberMeHandler;
|
||||
use Symfony\Component\Security\Http\RememberMe\RememberMeHandlerInterface;
|
||||
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
|
||||
use Symfony\Component\Security\Http\RememberMe\SignatureRememberMeHandler;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('security.rememberme.response_listener', ResponseListener::class)
|
||||
->tag('kernel.event_subscriber')
|
||||
|
||||
->set('security.authenticator.remember_me_signature_hasher', SignatureHasher::class)
|
||||
->args([
|
||||
service('property_accessor'),
|
||||
abstract_arg('signature properties'),
|
||||
'%kernel.secret%',
|
||||
null,
|
||||
null,
|
||||
])
|
||||
|
||||
->set('security.authenticator.signature_remember_me_handler', SignatureRememberMeHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('signature hasher'),
|
||||
abstract_arg('user provider'),
|
||||
service('request_stack'),
|
||||
abstract_arg('options'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.persistent_remember_me_handler', PersistentRememberMeHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('token provider'),
|
||||
abstract_arg('user provider'),
|
||||
service('request_stack'),
|
||||
abstract_arg('options'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
abstract_arg('token verifier'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.firewall_aware_remember_me_handler', FirewallAwareRememberMeHandler::class)
|
||||
->args([
|
||||
service('security.firewall.map'),
|
||||
tagged_locator('security.remember_me_handler', 'firewall'),
|
||||
service('request_stack'),
|
||||
])
|
||||
->alias(RememberMeHandlerInterface::class, 'security.authenticator.firewall_aware_remember_me_handler')
|
||||
|
||||
->set('security.listener.check_remember_me_conditions', CheckRememberMeConditionsListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('options'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
|
||||
->set('security.listener.remember_me', RememberMeListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('remember me handler'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authenticator.remember_me', RememberMeAuthenticator::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('remember me handler'),
|
||||
param('kernel.secret'),
|
||||
service('security.token_storage'),
|
||||
abstract_arg('options'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
// Cache
|
||||
->set('cache.security_token_verifier')
|
||||
->parent('cache.system')
|
||||
->private()
|
||||
->tag('cache.pool')
|
||||
;
|
||||
};
|
||||
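Review bot: The application secret is injected in two different spellings in this file: `'%kernel.secret%'` in `security.authenticator.remember_me_signature_hasher` and `param('kernel.secret')` in `security.authenticator.remember_me`. Both refer to the same parameter, but the mix makes it harder to grep for every consumer of the secret when it has to be rotated. I would use `param('kernel.secret'),` in the hasher as well. A short comment there, for example `// remember-me signatures are keyed by the application secret`, would tell whoever rotates it what depends on the value. The two trailing `null` arguments of the hasher would also benefit from inline labels like the ones used for `security.firewall.config`.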
@@ -0,0 +1,42 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener;
|
||||
use Symfony\Bundle\SecurityBundle\EventListener\VoteListener;
|
||||
use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('debug.security.access.decision_manager', TraceableAccessDecisionManager::class)
|
||||
->decorate('security.access.decision_manager')
|
||||
->args([
|
||||
service('debug.security.access.decision_manager.inner'),
|
||||
])
|
||||
|
||||
->set('debug.security.voter.vote_listener', VoteListener::class)
|
||||
->args([
|
||||
service('debug.security.access.decision_manager'),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
|
||||
->set('debug.security.firewall', TraceableFirewallListener::class)
|
||||
->args([
|
||||
service('security.firewall.map'),
|
||||
service('event_dispatcher'),
|
||||
service('security.logout_url_generator'),
|
||||
])
|
||||
->tag('kernel.event_subscriber')
|
||||
->tag('kernel.reset', ['method' => 'reset'])
|
||||
->alias('security.firewall', 'debug.security.firewall')
|
||||
;
|
||||
};
|
||||
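Review bot: This file re-points the `security.firewall` ID to `debug.security.firewall` and decorates `security.access.decision_manager` with a traceable wrapper, but nothing in it states when it is meant to be loaded. Those wrappers record firewall and voter activity for the profiler, so loading the file outside a debug environment would add overhead and keep authorization details in memory. I would add a comment above `$container->services()` such as `// Debug-only: replaces security.firewall and wraps the access decision manager with tracing decorators; load only when kernel.debug is enabled`. The loader that includes this file is not visible here, so confirm that its condition matches the comment.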
@@ -0,0 +1,174 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Component\DependencyInjection\ServiceLocator;
|
||||
use Symfony\Component\Security\Http\AccessMap;
|
||||
use Symfony\Component\Security\Http\Authentication\CustomAuthenticationFailureHandler;
|
||||
use Symfony\Component\Security\Http\Authentication\CustomAuthenticationSuccessHandler;
|
||||
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
|
||||
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;
|
||||
use Symfony\Component\Security\Http\EventListener\ClearSiteDataLogoutListener;
|
||||
use Symfony\Component\Security\Http\EventListener\CookieClearingLogoutListener;
|
||||
use Symfony\Component\Security\Http\EventListener\DefaultLogoutListener;
|
||||
use Symfony\Component\Security\Http\EventListener\SessionLogoutListener;
|
||||
use Symfony\Component\Security\Http\Firewall\AccessListener;
|
||||
use Symfony\Component\Security\Http\Firewall\ChannelListener;
|
||||
use Symfony\Component\Security\Http\Firewall\ContextListener;
|
||||
use Symfony\Component\Security\Http\Firewall\ExceptionListener;
|
||||
use Symfony\Component\Security\Http\Firewall\LogoutListener;
|
||||
use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
|
||||
->set('security.channel_listener', ChannelListener::class)
|
||||
->args([
|
||||
service('security.access_map'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
inline_service('int')->factory([service('router.request_context'), 'getHttpPort']),
|
||||
inline_service('int')->factory([service('router.request_context'), 'getHttpsPort']),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.access_map', AccessMap::class)
|
||||
|
||||
->set('security.context_listener', ContextListener::class)
|
||||
->args([
|
||||
service('security.untracked_token_storage'),
|
||||
[],
|
||||
abstract_arg('Provider Key'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
service('event_dispatcher')->nullOnInvalid(),
|
||||
service('security.authentication.trust_resolver'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.logout_listener', LogoutListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.http_utils'),
|
||||
abstract_arg('event dispatcher'),
|
||||
[], // Options
|
||||
])
|
||||
|
||||
->set('security.logout.listener.session', SessionLogoutListener::class)
|
||||
->abstract()
|
||||
|
||||
->set('security.logout.listener.clear_site_data', ClearSiteDataLogoutListener::class)
|
||||
->abstract()
|
||||
|
||||
->set('security.logout.listener.cookie_clearing', CookieClearingLogoutListener::class)
|
||||
->abstract()
|
||||
|
||||
->set('security.logout.listener.default', DefaultLogoutListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.http_utils'),
|
||||
abstract_arg('target url'),
|
||||
])
|
||||
|
||||
->set('security.authentication.listener.abstract')
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.authentication.manager'),
|
||||
service('security.authentication.session_strategy'),
|
||||
service('security.http_utils'),
|
||||
abstract_arg('Provider-shared Key'),
|
||||
service('security.authentication.success_handler'),
|
||||
service('security.authentication.failure_handler'),
|
||||
[],
|
||||
service('logger')->nullOnInvalid(),
|
||||
service('event_dispatcher')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authentication.custom_success_handler', CustomAuthenticationSuccessHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('The custom success handler service'),
|
||||
[], // Options
|
||||
abstract_arg('Provider-shared Key'),
|
||||
])
|
||||
|
||||
->set('security.authentication.success_handler', DefaultAuthenticationSuccessHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.http_utils'),
|
||||
[], // Options
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
|
||||
->set('security.authentication.custom_failure_handler', CustomAuthenticationFailureHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
abstract_arg('The custom failure handler service'),
|
||||
[], // Options
|
||||
])
|
||||
|
||||
->set('security.authentication.failure_handler', DefaultAuthenticationFailureHandler::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('http_kernel'),
|
||||
service('security.http_utils'),
|
||||
[], // Options
|
||||
service('logger')->nullOnInvalid(),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.exception_listener', ExceptionListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.authentication.trust_resolver'),
|
||||
service('security.http_utils'),
|
||||
abstract_arg('Provider-shared Key'),
|
||||
service('security.authentication.entry_point')->nullOnInvalid(),
|
||||
param('security.access.denied_url'),
|
||||
service('security.access.denied_handler')->nullOnInvalid(),
|
||||
service('logger')->nullOnInvalid(),
|
||||
false, // Stateless
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.authentication.switchuser_listener', SwitchUserListener::class)
|
||||
->abstract()
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
abstract_arg('User Provider'),
|
||||
abstract_arg('User Checker'),
|
||||
abstract_arg('Provider Key'),
|
||||
service('security.access.decision_manager'),
|
||||
service('logger')->nullOnInvalid(),
|
||||
'_switch_user',
|
||||
'ROLE_ALLOWED_TO_SWITCH',
|
||||
service('event_dispatcher')->nullOnInvalid(),
|
||||
false, // Stateless
|
||||
service('router')->nullOnInvalid(),
|
||||
abstract_arg('Target Route'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.access_listener', AccessListener::class)
|
||||
->args([
|
||||
service('security.token_storage'),
|
||||
service('security.access.decision_manager'),
|
||||
service('security.access_map'),
|
||||
])
|
||||
->tag('monolog.logger', ['channel' => 'security'])
|
||||
|
||||
->set('security.firewall.event_dispatcher_locator', ServiceLocator::class)
|
||||
->args([[]])
|
||||
;
|
||||
};
|
||||
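Review bot: The two bare string literals passed to `security.authentication.switchuser_listener`, `'_switch_user'` and `'ROLE_ALLOWED_TO_SWITCH'`, have no label, although they decide how impersonation is requested and which role gates it. The neighbouring literals in this file carry `// Stateless` and `// Options`, so I would annotate these the same way: `'_switch_user', // Username parameter` and `'ROLE_ALLOWED_TO_SWITCH', // Role required to switch`. Presumably these defaults are replaced by position from the firewall configuration elsewhere, which this section does not show; a label makes an index mismatch in that replacement easier to catch in review. The unlabelled `[]` arguments in `security.context_listener` and `security.authentication.listener.abstract` would benefit from the same treatment.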
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
||||
|
||||
use Symfony\Bridge\Twig\Extension\LogoutUrlExtension;
|
||||
use Symfony\Bridge\Twig\Extension\SecurityExtension;
|
||||
|
||||
return static function (ContainerConfigurator $container) {
|
||||
$container->services()
|
||||
->set('twig.extension.logout_url', LogoutUrlExtension::class)
|
||||
->args([
|
||||
service('security.logout_url_generator'),
|
||||
])
|
||||
->tag('twig.extension')
|
||||
|
||||
->set('twig.extension.security', SecurityExtension::class)
|
||||
->args([
|
||||
service('security.authorization_checker')->ignoreOnInvalid(),
|
||||
service('security.impersonate_url_generator')->ignoreOnInvalid(),
|
||||
])
|
||||
->tag('twig.extension')
|
||||
;
|
||||
};
|
||||