Skip to content
Symfony2 bundle that provides '@secure' annotation to secure actions and controllers.
PHP
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Annotation
DependencyInjection
Resources/config
Security
Tests
.gitignore
.travis.yml
LICENSE
LswSecureControllerBundle.php
README.md
build.xml
composer.json
phpmd.xml
phpunit.xml

README.md

LswSecureControllerBundle

Provide '@Secure' annotation to secure actions in controllers by specifying required roles.

NB: Instead of this bundle you may want to use the @Security annotation provided by the SensioFrameworkExtraBundle (Symfony 2.4+ feature)

NB: This bundle was created because the JMSSecurityExtraBundle is no longer provided in Symfony 2.3 (due to a license incompatibility) and this was the only feature we needed.

Build Status

Requirements

  • PHP 5.3
  • Symfony 2.8

Installation

Installation is broken down in the following steps:

  1. Download LswSecureControllerBundle using composer
  2. Enable the Bundle

Step 1: Download LswSecureControllerBundle using composer

Add LswSecureControllerBundle in your composer.json:

{
    "require": {
        "leaseweb/secure-controller-bundle": "*",
        ...
    }
}

Now tell composer to download the bundle by running the command:

$ php composer.phar update leaseweb/secure-controller-bundle

Composer will install the bundle to your project's vendor/leaseweb directory.

Step 2: Enable the bundle

Enable the bundle in the kernel:

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new Lsw\SecureControllerBundle\LswSecureControllerBundle(),
    );
}

Usage

As an example we show how to use the '@Secure' annotation in the AcmeDemoBundle to secure the "hello world" page requiring the role "ROLE_TEST" to execute.

In src/Acme/DemoBundle/Controller/SecuredController.php you should add the following line on top, but under the namespace definition:

use Lsw\SecureControllerBundle\Annotation\Secure;

To require the "ROLE_TEST" for "helloAction" in the "SecuredController" you should add the line @Secure(roles="ROLE_TEST") to the DocBlock of the "helloAction" like this:

    /**
     * @Secure(roles="ROLE_TEST")
     * @Route("/hello", defaults={"name"="World"}),
     * @Route("/hello/{name}", name="_demo_secured_hello")
     * @Template()
     */
    public function helloAction($name)
    {
        return array('name' => $name);
    }

Or to the DocBlock of the controller like this:

    /**
     * @Secure(roles="ROLE_TEST")
     */
    class AdminController extends Controller
    {
      ...
    }

If the user does not have the role the following error should appear when accessing the action:

Current user is not granted required role "ROLE_TEST".
403 Forbidden - AccessDeniedHttpException
1 linked Exception:

If you put the "@Secure" annotation on an action that is not behind a firewall you get this error:

@Secure(...) annotation found without firewall on "helloAction" in 
".../src/Acme/DemoBundle/Controller/DemoController.php"
500 Internal Server Error - AuthenticationCredentialsNotFoundException

Note that you can configure the firewall in app/config/security.yml.

Credits

This would not have been possible without Matthias Noback his excellent posts:

Contributors

License

This bundle is under the MIT license.

You can’t perform that action at this time.