Ah, security! Quick run!
Wait, come back! Security in Symfony is awesome! Seriously, between things called "voters" and the Guard authentication system, you can do anything you want inside of Symfony, and the code to do it is simple and expressive.
Security has two sides: authentication (who are you?) and authorization (do you have access to do X). We'll talk about each of these, creating an traditional form login system and and API token authentication system using Json web tokens (not as scary as they sound!). Then, we'll turn to authorization, with roles, voters and other good stuff:
Security & Firewall Fundamentals
Creating a custom login form
Making a User (ooOOOoo)
User Providers (why you need them, but don't care)
Password Encryption
Logging out!
Protecting entire URLs with access_control(s)
IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED
Checking access with roles! ROLE_USER
Denying access in a controller
What are voters?
Role hierarchies
Impersonation (switch_user)
Registration Form
Manual authentication
... and how to create a back door into your site. Just kidding! Let's make some secure sites!
Overview
Syllabus
- 01. The All-Important User Class
- 02. The UserInterface Methods (Keep some Blank!)
- 03. Rendering that Login Form
- 04. All About Firewalls
- 05. The LoginFormAuthenticator
- 06. Authenticator: getUser, checkCredentials & Success/Failure
- 07. The Mysterious "User Provider"
- 08. Logging out & Pre-filling the Email on Failure
- 09. Users Need Passwords (plainPassword)
- 10. Doctrine Listener: Encode the User's Password
- 11. Configuring the Encoder in security.yml
- 12. Authorization: access_control and Roles
- 13. Denying Access in a Controller
- 14. Dynamic Roles
- 15. Fetch me a User Object!
- 16. Role Hierarchy
- 17. Impersonation (Login as Someone Else)
- 18. Registration Form
- 19. Validation with the UniqueEntity Constraint
- 20. Validation Groups: Conditional Validation
- 21. Automatically Login after Registration!
Taught by
Ryan Weaver
