<?php
namespace Oro\Bundle\SecurityBundle\DependencyInjection;
use Symfony\Component\Config\FileLocator;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Definition;
use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface;
use Symfony\Component\DependencyInjection\Loader;
use Symfony\Component\HttpKernel\DependencyInjection\Extension;
use Oro\Component\Config\Loader\CumulativeConfigLoader;
use Oro\Component\Config\Loader\YamlCumulativeFileLoader;
use Oro\Component\DependencyInjection\ExtendedContainerBuilder;
/**
 * Dependency-injection extension of the security bundle.
 *
 * Loads the bundle's YAML service definitions and, when the container is an
 * ExtendedContainerBuilder, assigns a default nonce cache service to every
 * firewall that enables WSSE without naming a cache service of its own.
 */
class OroSecurityExtension extends Extension implements PrependExtensionInterface
{
    const DEFAULT_WSSE_NONCE_CACHE_SERVICE_ID = 'oro_security.wsse_nonce_cache';
    const DEFAULT_WSSE_NONCE_CACHE_CLASS = 'Oro\Bundle\SecurityBundle\Cache\WsseNoncePhpFileCache';
    // NOTE(review): the default nonce store lives under the kernel cache directory;
    // presumably clearing that directory also discards the recorded nonces, which
    // would let an already used, still valid WSSE token pass again. Confirm.
    const DEFAULT_WSSE_NONCE_CACHE_PATH = '%kernel.cache_dir%/security/nonces';
    const ACLS_CONFIG_ROOT_NODE = 'acls';

    /**
     * {@inheritDoc}
     */
    public function load(array $configs, ContainerBuilder $container)
    {
        // The processed configuration is not used afterwards; its return value is discarded.
        $this->processConfiguration(new Configuration(), $configs);

        $resourceLocator = new FileLocator(__DIR__ . '/../Resources/config');
        $yamlLoader = new Loader\YamlFileLoader($container, $resourceLocator);
        foreach (['layouts.yml', 'ownership.yml', 'services.yml'] as $resource) {
            $yamlLoader->load($resource);
        }

        $this->addClassesToCompile(['Oro\Bundle\SecurityBundle\Http\Firewall\ContextListener']);
    }

    /**
     * {@inheritdoc}
     */
    public function prepend(ContainerBuilder $container)
    {
        // Any other container builder type is left untouched, so no default
        // nonce cache is configured in that case.
        if (!$container instanceof ExtendedContainerBuilder) {
            return;
        }

        $this->setupWsseNonceCache($container);
    }

    /**
     * Builds the cumulative loader for the ACL definition files (Resources/config/oro/acls.yml).
     *
     * @return CumulativeConfigLoader
     */
    public static function getAclConfigLoader()
    {
        $aclFileLoader = new YamlCumulativeFileLoader('Resources/config/oro/acls.yml');

        return new CumulativeConfigLoader('oro_acl_config', $aclFileLoader);
    }

    /**
     * Registers the default WSSE nonce cache for firewalls that do not configure one.
     *
     * Only the first 'security' extension config entry is inspected. Each firewall
     * with a 'wsse' section but no 'nonce_cache_service_id' is pointed at the default
     * service id. The default service definition is created only if at least one
     * firewall was patched and no definition with that id exists yet.
     *
     * The nonce lifetime passed to the default cache is the smallest 'lifetime' found
     * among all WSSE firewalls, including those that name their own cache service.
     * NOTE(review): if the cache forgets nonces after this lifetime while a firewall
     * using it accepts tokens for longer, a used token might be accepted again within
     * the gap. Confirm how setNonceLifeTime() is consumed by the cache and the WSSE
     * provider, and consider whether the largest lifetime is the safer choice.
     *
     * @param ExtendedContainerBuilder $container
     */
    protected function setupWsseNonceCache(ExtendedContainerBuilder $container)
    {
        $extensionConfig = $container->getExtensionConfig('security');
        $configPatched = false;
        $shortestLifetime = 0;

        $firewalls = isset($extensionConfig[0]['firewalls'])
            ? $extensionConfig[0]['firewalls']
            : [];

        foreach ($firewalls as $firewallName => $firewallConfig) {
            if (!isset($firewallConfig['wsse'])) {
                continue;
            }
            $wsseConfig = $firewallConfig['wsse'];

            if (!isset($wsseConfig['nonce_cache_service_id'])) {
                $extensionConfig[0]['firewalls'][$firewallName]['wsse']['nonce_cache_service_id'] =
                    self::DEFAULT_WSSE_NONCE_CACHE_SERVICE_ID;
                $configPatched = true;
            }

            if (isset($wsseConfig['lifetime'])) {
                $candidate = $wsseConfig['lifetime'];
                // 0 stands for "no lifetime seen yet"; the comparison is intentionally loose.
                if ($shortestLifetime == 0 || $candidate < $shortestLifetime) {
                    $shortestLifetime = $candidate;
                }
            }
        }

        if (!$configPatched) {
            return;
        }

        $container->setExtensionConfig('security', $extensionConfig);

        // An already registered definition under the default id is kept as is,
        // which also means the lifetime computed above is not applied to it.
        if ($container->hasDefinition(self::DEFAULT_WSSE_NONCE_CACHE_SERVICE_ID)) {
            return;
        }

        $nonceCacheDefinition = new Definition(
            self::DEFAULT_WSSE_NONCE_CACHE_CLASS,
            [self::DEFAULT_WSSE_NONCE_CACHE_PATH]
        );
        if ($shortestLifetime) {
            $nonceCacheDefinition->addMethodCall('setNonceLifeTime', [$shortestLifetime]);
        }

        $container->setDefinition(self::DEFAULT_WSSE_NONCE_CACHE_SERVICE_ID, $nonceCacheDefinition);
    }
}