Skip to content

Instantly share code, notes, and snippets.

@jaytaph
Created January 15, 2016 09:30
Show Gist options
  • Save jaytaph/cb7fb4392e5d6aa07d8f to your computer and use it in GitHub Desktop.
Save jaytaph/cb7fb4392e5d6aa07d8f to your computer and use it in GitHub Desktop.
Using the Symfony security component as standalone
{
"name": "jaytaph/security-example",
"require": {
"symfony/security-core": "~2.8"
},
"authors": [
{
"name": "Joshua Thijssen",
"email": "[email protected]"
}
]
}
<?php
use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
use Symfony\Component\Security\Core\User\UserChecker;
require "vendor/autoload.php";
/**
* Part 1: Authentication part
*/
// Define users which we can authenticate against, together with "roles".
$userProvider = new InMemoryUserProvider(
array(
'john' => array(
'password' => 'password',
'roles' => array('ROLE_USER'),
),
'admin' => array(
'password' => 'secret',
'roles' => array('ROLE_ADMIN'),
),
)
);
// Create an encoder factory that will "encode" passwords
$encoderFactory = new \Symfony\Component\Security\Core\Encoder\EncoderFactory(array(
// We simply use plaintext passwords for users from this specific class
'Symfony\Component\Security\Core\User\User' => new PlaintextPasswordEncoder(),
));
// The user checker is a simple class that allows to check against different elements (user disabled, account expired etc)
$userChecker = new UserChecker();
// The (authentication) providers are a way to make sure to match credentials against users based on their "providerkey".
$providers = array(
new DaoAuthenticationProvider($userProvider, $userChecker, 'main', $encoderFactory, true),
);
$authenticationManager = new AuthenticationProviderManager($providers, true);
/**
* Part 2: Tokens
*/
// We store our (authenticated) token inside the token storage
$tokenStorage = new TokenStorage();
/**
* Part 3: Authorization
*/
// We only create a single voter that checks on given token roles.
$voters = array(
new \Symfony\Component\Security\Core\Authorization\Voter\RoleVoter('ROLE_'),
);
// Tie all voters into the access decision manager (
$accessDecisionManager = new AccessDecisionManager(
$voters,
AccessDecisionManager::STRATEGY_AFFIRMATIVE,
false,
true
);
/**
* Part 4: Tie authorization & authentication & token storage together for easy use
*/
$authorizationChecker = new AuthorizationChecker(
$tokenStorage,
$authenticationManager,
$accessDecisionManager,
false
);
/**
* Part 5: Authenticate a user based on supplied credentials
*/
try {
$username = $argv[1];
$password = $argv[2];
// Create "unauthenticated" token and authenticate it
$token = new UsernamePasswordToken($username, $password, 'main', array());
$token = $authenticationManager->authenticate($token);
// Store "authenticated" token in the token storage
$tokenStorage->setToken($token);
} catch (AuthenticationException $e) {
print $e->getMessage();
exit(1);
}
/**
* Part 6: Check if the given user (token) has ROLE_ADMIN permissions
*/
if ($authorizationChecker->isGranted('ROLE_ADMIN')) {
print "This user has admin rights.\n";
} else {
print "Access denied\n";
}
@ikhsan017
Copy link

thanks,

security is the most complex symfony component I ever deal with 😬

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment