mirror of
https://github.com/wallabag/wallabag.git
synced 2025-09-15 18:57:05 +00:00
first implementation of security
parent
71691fe44a
commit
c3235553dd
18 changed files with 469 additions and 69 deletions
|
@ -10,6 +10,14 @@ doc-api:
|
|||
resource: "@NelmioApiDocBundle/Resources/config/routing.yml"
|
||||
prefix: /api/doc
|
||||
|
||||
login:
|
||||
pattern: /login
|
||||
defaults: { _controller: WallabagCoreBundle:Security:login }
|
||||
login_check:
|
||||
pattern: /login_check
|
||||
logout:
|
||||
path: /logout
|
||||
|
||||
#wallabag_api:
|
||||
# resource: "@WallabagApiBundle/Controller/"
|
||||
# type: annotation
|
||||
|
|
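Review bot: The `login` and `login_check` routes use the `pattern:` key while `logout` in the same block uses `path:`. `pattern` is the older spelling, deprecated for routes since Symfony 2.2, so `path: /login` and `path: /login_check` would be consistent. Neither `login_check` nor `logout` names a controller, which works only because the firewall intercepts them; a comment above `login_check:` would record that, for example `# no controller: handled by the firewall; keep in sync with form_login.check_path and logout.path`. The +/- markers are lost in this rendering, so which of these lines are new is inferred from the hunk header counts.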
|
@ -1,52 +1,58 @@
|
|||
# you can read more about security in the related section of the documentation
|
||||
# http://symfony.com/doc/current/book/security.html
|
||||
security:
|
||||
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
|
||||
encoders:
|
||||
Symfony\Component\Security\Core\User\User: plaintext
|
||||
Wallabag\CoreBundle\Entity\Users:
|
||||
algorithm: sha1
|
||||
encode_as_base64: false
|
||||
iterations: 1
|
||||
|
||||
# http://symfony.com/doc/current/book/security.html#hierarchical-roles
|
||||
role_hierarchy:
|
||||
ROLE_ADMIN: ROLE_USER
|
||||
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
|
||||
ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
|
||||
|
||||
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
|
||||
providers:
|
||||
in_memory:
|
||||
memory:
|
||||
users:
|
||||
user: { password: userpass, roles: [ 'ROLE_USER' ] }
|
||||
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
|
||||
administrators:
|
||||
entity: { class: WallabagCoreBundle:Users, property: username }
|
||||
|
||||
# the main part of the security, where you can set up firewalls
|
||||
# for specific sections of your app
|
||||
firewalls:
|
||||
# disables authentication for assets and the profiler, adapt it according to your needs
|
||||
dev:
|
||||
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
||||
security: false
|
||||
# the login page has to be accessible for everybody
|
||||
demo_login:
|
||||
pattern: ^/demo/secured/login$
|
||||
security: false
|
||||
#wsse_secured:
|
||||
# pattern: /api/.*
|
||||
# wsse: true
|
||||
login_firewall:
|
||||
pattern: ^/login$
|
||||
anonymous: ~
|
||||
|
||||
# secures part of the application
|
||||
demo_secured_area:
|
||||
pattern: ^/demo/secured/
|
||||
# it's important to notice that in this case _demo_security_check and _demo_login
|
||||
# are route names and that they are specified in the AcmeDemoBundle
|
||||
secured_area:
|
||||
pattern: ^/
|
||||
anonymous: ~
|
||||
form_login:
|
||||
check_path: _demo_security_check
|
||||
login_path: _demo_login
|
||||
logout:
|
||||
path: _demo_logout
|
||||
target: _demo
|
||||
#anonymous: ~
|
||||
#http_basic:
|
||||
# realm: "Secured Demo Area"
|
||||
login_path: /login
|
||||
|
||||
use_forward: false
|
||||
|
||||
check_path: /login_check
|
||||
|
||||
post_only: true
|
||||
|
||||
always_use_default_target_path: true
|
||||
default_target_path: /
|
||||
target_path_parameter: redirect_url
|
||||
use_referer: true
|
||||
|
||||
failure_path: null
|
||||
failure_forward: false
|
||||
|
||||
username_parameter: _username
|
||||
password_parameter: _password
|
||||
|
||||
csrf_parameter: _csrf_token
|
||||
intention: authenticate
|
||||
|
||||
logout:
|
||||
path: /logout
|
||||
target: /
|
||||
|
||||
# with these settings you can restrict or allow access for different parts
|
||||
# of your application based on roles, ip, host or methods
|
||||
# http://symfony.com/doc/current/cookbook/security/access_control.html
|
||||
access_control:
|
||||
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
|
||||
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||
- { path: ^/, roles: ROLE_USER }
|
||||
|
|
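Review bot: The encoder for `Wallabag\CoreBundle\Entity\Users` is `algorithm: sha1` with `iterations: 1`, so each password is stored as a single fast SHA-1 digest that is cheap to guess offline if the user table leaks. Unless this must stay compatible with hashes that already exist (not visible on this page), prefer an adaptive hash such as `algorithm: bcrypt` with an explicit `cost`, and re-hash on the next successful login. Separately, `form_login` sets `csrf_parameter: _csrf_token` and `intention: authenticate`, but no CSRF provider appears on the visible lines, so the login form is probably not CSRF-protected; in Symfony 2.x that is enabled with `csrf_provider: form.csrf_provider`. The +/- markers are lost in this rendering, so confirm that the `plaintext` encoder and the `in_memory` users with literal passwords are on the removed side.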