diff options
author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-02 14:49:38 +0200 |
---|---|---|
committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-10-02 14:49:38 +0200 |
commit | 0d3da2a02c2ebabb1e6a4ce898308c1989963185 (patch) | |
tree | 5fe7bbbd88c6ce6ba814fe82f1bd5edf8e2e3f18 /Core | |
parent | c2d213d3f64a1c7cfaa226626687cce57cb64ba8 (diff) | |
parent | b8517a61435259720592da3029a13ceb4d5558d5 (diff) | |
download | symfony-security-0d3da2a02c2ebabb1e6a4ce898308c1989963185.zip symfony-security-0d3da2a02c2ebabb1e6a4ce898308c1989963185.tar.gz symfony-security-0d3da2a02c2ebabb1e6a4ce898308c1989963185.tar.bz2 |
feature #14721 [Security] Configuring a user checker per firewall (iltar)
This PR was squashed before being merged into the 2.8 branch (closes #14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
Diffstat (limited to 'Core')
-rw-r--r-- | Core/User/UserCheckerInterface.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/Core/User/UserCheckerInterface.php b/Core/User/UserCheckerInterface.php index 3dd8d51..62ea9f0 100644 --- a/Core/User/UserCheckerInterface.php +++ b/Core/User/UserCheckerInterface.php @@ -11,10 +11,13 @@ namespace Symfony\Component\Security\Core\User; +use Symfony\Component\Security\Core\Exception\AccountStatusException; + /** - * UserCheckerInterface checks user account when authentication occurs. + * Implement to throw AccountStatusException during the authentication process. * - * This should not be used to make authentication decisions. + * Can be used when you want to check the account status, e.g when the account is + * disabled or blocked. This should not be used to make authentication decisions. * * @author Fabien Potencier <fabien@symfony.com> */ @@ -24,6 +27,8 @@ interface UserCheckerInterface * Checks the user account before authentication. * * @param UserInterface $user a UserInterface instance + * + * @throws AccountStatusException */ public function checkPreAuth(UserInterface $user); @@ -31,6 +36,8 @@ interface UserCheckerInterface * Checks the user account after authentication. * * @param UserInterface $user a UserInterface instance + * + * @throws AccountStatusException */ public function checkPostAuth(UserInterface $user); } |