diff --git a/security/custom_authentication_provider.rst b/security/custom_authentication_provider.rst
index 9b9b83edc61..391635ec5a8 100644
--- a/security/custom_authentication_provider.rst
+++ b/security/custom_authentication_provider.rst
@@ -172,7 +172,7 @@ the value returned for the expected WSSE information, creates a token using
that information, and passes the token on to the authentication manager. If
the proper information is not provided, or the authentication manager throws
an :class:`Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException`,
-a 403 Response is returned.
+a 401 Response is returned.
.. note::
@@ -188,7 +188,7 @@ a 403 Response is returned.
Returning prematurely from the listener is relevant only if you want to chain
authentication providers (for example to allow anonymous users). If you want
- to forbid access to anonymous users and have a nice 403 error, you should set
+ to forbid access to anonymous users and have a 404 error, you should set
the status code of the response before returning.
The Authentication Provider
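Review bot: The new wording `to forbid access to anonymous users and have a 404 error, you should set` is inconsistent with the previous hunk of this file, which corrects the same scenario's status code from 403 to 401 (`a 401 Response is returned.`). For a request that carries no usable credentials 401 is the conventional code and is what the listener description above now documents; 404 would tell the client the resource does not exist, which is a different behaviour the text does not explain. Suggest `to forbid access to anonymous users and have a 401 error, you should set`, or keep 404 only with a sentence saying why the existence of the resource should be hidden.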
diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 0e3573776e8..a46c00e4877 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -246,9 +246,10 @@ the username and then check the password (more on passwords in a moment):
-
+
+
diff --git a/security/force_https.rst b/security/force_https.rst
index 65d5138ed56..25ed6e079f8 100644
--- a/security/force_https.rst
+++ b/security/force_https.rst
@@ -33,7 +33,7 @@ to use HTTPS then you could use the following configuration:
-
+
@@ -83,7 +83,7 @@ role:
diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 14159a25cc0..7b40f9898aa 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -116,7 +116,7 @@ Next, make sure you've configured a "user provider" for the user:
-
+
@@ -133,6 +133,7 @@ Next, make sure you've configured a "user provider" for the user:
'your_db_provider' => [
'entity' => [
'class' => 'AppBundle:User',
+ 'property' => 'apiKey',
],
],
],
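Review bot: The added `'property' => 'apiKey',` makes the entity user provider look the user up by API key, so the lookup only identifies a user unambiguously if `apiKey` is unique per user; presumably a unique column constraint is intended, but the example does not say so. Consider adding one sentence after the configuration block such as "The apiKey column must be unique, otherwise the provider may return an unintended user." This lookup is what the `getUser()` example later in this file relies on, so the note belongs here.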
@@ -187,21 +188,18 @@ This requires you to implement several methods::
*/
public function getCredentials(Request $request)
{
- return [
- 'token' => $request->headers->get('X-AUTH-TOKEN'),
- ];
+ return $request->headers->get('X-AUTH-TOKEN');
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
- $apiKey = $credentials['token'];
-
- if (null === $apiKey) {
+ if (null === $credentials) {
+ // The token header was empty, authentication fails with 401
return;
}
- // if a User object, checkCredentials() is called
- return $userProvider->loadUserByUsername($apiKey);
+ // if a User is returned, checkCredentials() is called
+ return $userProvider->loadUserByUsername($credentials);
}
public function checkCredentials($credentials, UserInterface $user)
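Review bot: The new guard `if (null === $credentials) {` covers only a missing `X-AUTH-TOKEN` header; a header sent with an empty value appears to yield an empty string, which then reaches `loadUserByUsername($credentials)` instead of failing early as the added comment `// The token header was empty, authentication fails with 401` says. Suggest `if (null === $credentials || '' === $credentials) {` so the behaviour matches the comment, or reword the comment to say the header was missing rather than empty. checkCredentials() is only opened by the last line of the hunk; its body is outside it.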
@@ -222,13 +220,14 @@ This requires you to implement several methods::
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$data = [
+ // you may ant to customize or obfuscate the message first
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
];
- return new JsonResponse($data, Response::HTTP_FORBIDDEN);
+ return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
}
/**
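Review bot: The added comment has a typo: `// you may ant to customize or obfuscate the message first` should read `// you may want to customize or obfuscate the message first`. The change to `Response::HTTP_UNAUTHORIZED` is consistent with the 401 wording introduced elsewhere in this commit; a 401 response is conventionally accompanied by a `WWW-Authenticate` header, which the example does not show, so a short sentence on that would help readers who need spec-compliant responses. The enclosing class continues outside this hunk.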
@@ -303,11 +302,11 @@ Finally, configure your ``firewalls`` key in ``security.yml`` to use this authen
-
-
+
+
+
+
AppBundle\Security\TokenAuthenticator
@@ -336,6 +335,8 @@ Finally, configure your ``firewalls`` key in ``security.yml`` to use this authen
TokenAuthenticator::class,
],
],
+ // if you want, disable storing the user in the session
+ // 'stateless' => true,
// ...
],
],
diff --git a/security/json_login_setup.rst b/security/json_login_setup.rst
index e5945671058..b62f07c1d6e 100644
--- a/security/json_login_setup.rst
+++ b/security/json_login_setup.rst
@@ -184,8 +184,8 @@ The security configuration should be:
+ username-path="security.credentials.login"
+ password-path="security.credentials.password"/>
diff --git a/security/ldap.rst b/security/ldap.rst
index 2b73e3a9f3b..35e82dcced3 100644
--- a/security/ldap.rst
+++ b/security/ldap.rst
@@ -152,20 +152,19 @@ use the ``ldap`` user provider.
-
+
.. code-block:: php
+ // app/config/security.php
use Symfony\Component\Ldap\Ldap;
$container->loadFromExtension('security', [
@@ -358,15 +357,15 @@ Configuration example for form login
-
+
.. code-block:: php
+ // app/config/security.php
use Symfony\Component\Ldap\Ldap;
$container->loadFromExtension('security', [
@@ -394,9 +393,8 @@ Configuration example for HTTP Basic
firewalls:
main:
- # ...
+ stateless: true
http_basic_ldap:
- # ...
service: Symfony\Component\Ldap\Ldap
dn_string: 'uid={username},dc=example,dc=com'
@@ -411,23 +409,28 @@ Configuration example for HTTP Basic
https://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
+
.. code-block:: php
+ // app/config/security.php
use Symfony\Component\Ldap\Ldap;
$container->loadFromExtension('security', [
+ // ...
+
'firewalls' => [
'main' => [
'http_basic_ldap' => [
'service' => Ldap::class,
'dn_string' => 'uid={username},dc=example,dc=com',
- // ...
],
'stateless' => true,
],
@@ -449,7 +452,6 @@ Configuration example for form login and query_string
main:
# ...
form_login_ldap:
- # ...
service: Symfony\Component\Ldap\Ldap
dn_string: 'dc=example,dc=com'
query_string: '(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))'
@@ -466,10 +468,10 @@ Configuration example for form login and query_string
-
+
+
@@ -482,11 +484,11 @@ Configuration example for form login and query_string
$container->loadFromExtension('security', [
'firewalls' => [
'main' => [
+ // ...
'form_login_ldap' => [
'service' => Ldap::class,
'dn_string' => 'dc=example,dc=com',
'query_string' => '(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))',
- // ...
],
],
]
diff --git a/security/multiple_guard_authenticators.rst b/security/multiple_guard_authenticators.rst
index 08486591eb5..b9f7622db17 100644
--- a/security/multiple_guard_authenticators.rst
+++ b/security/multiple_guard_authenticators.rst
@@ -68,7 +68,7 @@ This is how your security configuration can look in action:
'default' => [
'anonymous' => null,
'guard' => [
- 'entry_point' => '',
+ 'entry_point' => LoginFormAuthenticator::class,
'authenticators' => [
LoginFormAuthenticator::class,
FacebookConnectAuthenticator::class,
diff --git a/security/multiple_user_providers.rst b/security/multiple_user_providers.rst
index f228d0839a1..56ecaee6976 100644
--- a/security/multiple_user_providers.rst
+++ b/security/multiple_user_providers.rst
@@ -149,7 +149,6 @@ the first provider is always used:
'pattern' => '^/',
'provider' => 'user_db',
'http_basic' => [
- // ...
'realm' => 'Secured Demo Area',
'provider' => 'in_memory',
],
diff --git a/security/remember_me.rst b/security/remember_me.rst
index 698b53f4f57..8258e6a2408 100644
--- a/security/remember_me.rst
+++ b/security/remember_me.rst
@@ -348,7 +348,7 @@ service you just created:
@@ -357,6 +357,8 @@ service you just created:
.. code-block:: php
// app/config/security.php
+ use Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider;
+
$container->loadFromExtension('security', [
// ...
@@ -365,7 +367,7 @@ service you just created:
// ...
'remember_me' => [
// ...
- 'token_provider' => 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider',
+ 'token_provider' => DoctrineTokenProvider::class,
],
],
],
diff --git a/security/user_checkers.rst b/security/user_checkers.rst
index e32bc547acd..97f215bac82 100644
--- a/security/user_checkers.rst
+++ b/security/user_checkers.rst
@@ -89,8 +89,9 @@ is the service id of your user checker:
-
- AppBundle\Security\UserChecker
+
@@ -99,11 +100,10 @@ is the service id of your user checker:
.. code-block:: php
// app/config/security.php
-
- // ...
use AppBundle\Security\UserChecker;
$container->loadFromExtension('security', [
+ // ...
'firewalls' => [
'main' => [
'pattern' => '^/',