Support 'security' and 'stateless' flags in security config #573
Conversation
|
I'm not sure I understand what you'd use these flags for, perhaps some
|
|
These are the same flags you can use in Symfony2. I guess $app->register(new SecurityServiceProvider(), array(
'security.firewalls' => array(
'api' => array(
'pattern' => '^/api',
'stateless' => true,
'security' => !$app['debug'],
'oauth' => true
)
)
));Which will (a) turn off oauth access token authentication when you're debugging (b) turn off read/write on the session during authentication, which isn't wanted since the oauth access token is sent for each request. |
|
Sorry, I think I got confused by the security flag, I understand the stateless one. |
|
The goal of the |
|
|
||
| $protected = count($firewall); | ||
| $protected = (false === $security) ? false : count($firewall); |
There was a problem hiding this comment.
Can you remove the parenthesis around the condition?
|
Can you also update the documentation about these two new settings? Thanks. |
|
It's done. Added a section for Stateless Authentication, and a tip for the |
This PR was merged into the master branch. Commits ------- e21b380 Support 'security' and 'stateless' flags in security config Discussion ---------- Support 'security' and 'stateless' flags in security config `'security' => false` will disable the firewall (for a particular area) even if there are listeners configured. `'stateless' => true` will prevent `ContextListener` from getting registered. --------------------------------------------------------------------------- by davedevelopment at 2013-01-05T15:01:38Z I'm not sure I understand what you'd use these flags for, perhaps some documentation would be useful? On Jan 5, 2013 10:05 AM, "Chris Heng" <notifications@github.com> wrote: > 'security' => false will disable the firewall even if there are listeners > configured. > > 'stateless' => true will prevent ContextListener from getting registered. > ------------------------------ > You can merge this Pull Request by running: > > git pull https://github.com/gigablah/Silex security-flags > > Or view, comment on, or merge it at: > > https://github.com/fabpot/Silex/pull/573 > Commit Summary > > - Support 'security' and 'stateless' flags in security config > > File Changes > > - *M* src/Silex/Provider/SecurityServiceProvider.php (10) > > Patch Links > > - https://github.com/fabpot/Silex/pull/573.patch > - https://github.com/fabpot/Silex/pull/573.diff > > — > Reply to this email directly or view it on GitHub<https://github.com/fabpot/Silex/pull/573>. > > --------------------------------------------------------------------------- by gigablah at 2013-01-05T15:30:13Z These are the same flags you can use in Symfony2. I guess `'security' => false` by itself isn't too useful, but you could hypothetically do something like: ```php $app->register(new SecurityServiceProvider(), array( 'security.firewalls' => array( 'api' => array( 'pattern' => '^/api', 'stateless' => true, 'security' => !$app['debug'], 'oauth' => true ) ) )); ``` Which will (a) turn off oauth access token authentication when you're debugging (b) turn off read/write on the session during authentication, which isn't wanted since the oauth access token is sent for each request. --------------------------------------------------------------------------- by davedevelopment at 2013-01-06T20:48:20Z Sorry, I think I got confused by the security flag, I understand the stateless one. --------------------------------------------------------------------------- by stof at 2013-01-06T21:13:04Z The goal of the ``security`` flag is to create a firewall pattern without firewall. The only reason for this is to whitelist a pattern by placing it before another pattern without having to create a crazy regex --------------------------------------------------------------------------- by fabpot at 2013-01-18T15:00:19Z Can you also update the documentation about these two new settings? Thanks. --------------------------------------------------------------------------- by gigablah at 2013-01-19T04:37:08Z It's done. Added a section for Stateless Authentication, and a tip for the `security` flag.
'security' => falsewill disable the firewall (for a particular area) even if there are listeners configured.'stateless' => truewill preventContextListenerfrom getting registered.