Prepare check scope on resource endpoint firewall.

authbucket · Jul 11, 2014 · fdd7d07 · fdd7d07
1 parent 5b31f3c
commit fdd7d07
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/DependencyInjection/Security/Factory/ResourceFactory.php b/DependencyInjection/Security/Factory/ResourceFactory.php
@@ -20,10 +20,19 @@ class ResourceFactory implements SecurityFactoryInterface
 {
     public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
     {
+        $config =  array_merge(array(
+            'resource_type' => 'model',
+            'scope' => array(),
+            'options' => array(),
+        ), (array) $config);
+
         $providerId = 'security.authentication.provider.resource.' . $id;
         $container
             ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.resource'))
-            ->replaceArgument(1, $id);
+            ->replaceArgument(1, $id)
+            ->replaceArgument(2, $config['resource_type'])
+            ->replaceArgument(3, $config['scope'])
+            ->replaceArgument(4, $config['options']);
 
         $listenerId = 'security.authentication.listener.resource.' . $id;
         $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.resource'))

diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -64,7 +64,7 @@ services:
 
     security.authentication.provider.resource:
         class: %security.authentication.provider.resource.class%
-        arguments: ["@authbucket_oauth2.model_manager.factory", ""]
+        arguments: ["@authbucket_oauth2.model_manager.factory", "", null, null, null]
     security.authentication.listener.resource:
         class: %security.authentication.listener.resource.class%
         arguments: ["@security.context", "@security.authentication.manager", "", "@authbucket_oauth2.token_handler.factory"]
diff --git a/app/config/security.yml b/app/config/security.yml
@@ -45,16 +45,11 @@ security:
 
         oauth2_debug:
             pattern:                ^/oauth2/debug$
-            oauth2_resource:
-                resource_type:      model
-                scope:              [ demoscope1, demoscope2, demoscope3 ]
+            oauth2_resource:        ~
 
         oauth2_resource:
             pattern:                ^/resource/debug$
             oauth2_resource:
                 resource_type:      debug_endpoint
-                scope:              [ demoscope1, demoscope2, demoscope3 ]
-                options:
-                    request_uri:    /oauth2/debug
-                    client_id:      ~
-                    client_secret:  ~
+                scope:              []
+                options:            []