Support 'security' and 'stateless' flags in security config #573
I'm not sure I understand what you'd use these flags for, perhaps some documentation would be useful?
These are the same flags you can use in Symfony2. I guess `'security' => false` by itself isn't too useful, but you could hypothetically do something like:

```php
$app->register(new SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'stateless' => true,
            'security' => !$app['debug'],
            'oauth' => true
        )
    )
));
```

Which will (a) turn off oauth access token authentication when you're debugging (b) turn off read/write on the session during authentication, which isn't wanted since the oauth access token is sent for each request.
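Sorry, I think I got confused by the security flag, I understand the stateless one.

The goal of the `security` flag is to create a firewall pattern without firewall. The only reason for this is to whitelist a pattern by placing it before another pattern without having to create a crazy regex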
$protected = count($firewall); | ||
$protected = (false === $security) ? false : count($firewall); |
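Review bot: on the new line `$protected` is `false` in one branch and the integer `count($firewall)` in the other, so callers get a bool or an int depending on the flag; cast the count, e.g. `$protected = false === $security ? false : (bool) count($firewall);`. The strict `false === $security` test only fires if `$security` is already a boolean at this point, and the hunk does not show how it is read from the config, so it is worth confirming (and documenting) what values such as `0` or `null` do to the firewall.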
Can you remove the parenthesis around the condition?
Can you also update the documentation about these two new settings? Thanks.

It's done. Added a section for Stateless Authentication, and a tip for the `security` flag.
This PR was merged into the master branch.

Commits
-------

e21b380 Support 'security' and 'stateless' flags in security config

Discussion
----------

Support 'security' and 'stateless' flags in security config

`'security' => false` will disable the firewall (for a particular area) even if there are listeners configured.

`'stateless' => true` will prevent `ContextListener` from getting registered.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-05T15:01:38Z

I'm not sure I understand what you'd use these flags for, perhaps some documentation would be useful?

On Jan 5, 2013 10:05 AM, "Chris Heng" <notifications@github.com> wrote:

> 'security' => false will disable the firewall even if there are listeners
> configured.
>
> 'stateless' => true will prevent ContextListener from getting registered.
> ------------------------------
> You can merge this Pull Request by running:
>
> git pull https://github.com/gigablah/Silex security-flags
>
> Or view, comment on, or merge it at:
>
> https://github.com/fabpot/Silex/pull/573
> Commit Summary
>
> - Support 'security' and 'stateless' flags in security config
>
> File Changes
>
> - *M* src/Silex/Provider/SecurityServiceProvider.php (10)
>
> Patch Links
>
> - https://github.com/fabpot/Silex/pull/573.patch
> - https://github.com/fabpot/Silex/pull/573.diff
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/fabpot/Silex/pull/573>.
>
>

---------------------------------------------------------------------------

by gigablah at 2013-01-05T15:30:13Z

These are the same flags you can use in Symfony2. I guess `'security' => false` by itself isn't too useful, but you could hypothetically do something like:

```php
$app->register(new SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'api' => array(
            'pattern' => '^/api',
            'stateless' => true,
            'security' => !$app['debug'],
            'oauth' => true
        )
    )
));
```

Which will (a) turn off oauth access token authentication when you're debugging (b) turn off read/write on the session during authentication, which isn't wanted since the oauth access token is sent for each request.

---------------------------------------------------------------------------

by davedevelopment at 2013-01-06T20:48:20Z

Sorry, I think I got confused by the security flag, I understand the stateless one.

---------------------------------------------------------------------------

by stof at 2013-01-06T21:13:04Z

The goal of the `security` flag is to create a firewall pattern without firewall. The only reason for this is to whitelist a pattern by placing it before another pattern without having to create a crazy regex

---------------------------------------------------------------------------

by fabpot at 2013-01-18T15:00:19Z

Can you also update the documentation about these two new settings? Thanks.

---------------------------------------------------------------------------

by gigablah at 2013-01-19T04:37:08Z

It's done. Added a section for Stateless Authentication, and a tip for the `security` flag.
`'security' => false` will disable the firewall (for a particular area) even if there are listeners configured.

`'stateless' => true` will prevent `ContextListener` from getting registered.
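Added example (not part of the PR or of Silex itself): a stand-alone PHP model of the whitelist use described in the discussion, where a `'security' => false` firewall is placed before the broader `^/api` one. The firewall names, the paths and `resolveFirewall()` are hypothetical; first-match selection and treating a missing `security` key as `true` are assumptions of the model.

```php
<?php
// Added example, not Silex code: models "first matching pattern wins".
// Firewall names, paths and resolveFirewall() are hypothetical.

$debug = false; // stands in for $app['debug']

$firewalls = array(
    // Whitelisted area: listed before 'api', and anchored with $ so it
    // covers only this one path instead of everything that starts with it.
    'status' => array(
        'pattern'  => '^/api/status$',
        'security' => false,
    ),
    'api' => array(
        'pattern'   => '^/api',
        'stateless' => true,
        'security'  => !$debug, // protection is off whenever debug is on
        'oauth'     => true,
    ),
);

// Returns array(name, protected) for the first firewall whose pattern matches.
// Assumption: a missing 'security' key means true.
function resolveFirewall(array $firewalls, $path)
{
    foreach ($firewalls as $name => $firewall) {
        if (!preg_match('{' . $firewall['pattern'] . '}', $path)) {
            continue;
        }
        $security = isset($firewall['security']) ? $firewall['security'] : true;
        unset($firewall['pattern'], $firewall['security'], $firewall['stateless']);
        // What remains are the authentication listeners ('oauth' here).
        $protected = false === $security ? false : (bool) count($firewall);

        return array($name, $protected);
    }

    return array(null, false);
}

foreach (array('/api/status', '/api/statuses', '/api/users', '/home') as $path) {
    list($name, $protected) = resolveFirewall($firewalls, $path);
    printf("%-14s firewall=%-6s protected=%s\n", $path, $name ?: '-', $protected ? 'yes' : 'no');
}
```

Setting `$debug = true` shows every `/api` path reported as unprotected, which is the effect of `'security' => !$app['debug']` if debug mode is ever left on in a deployed instance.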