leaseweb / secure-controller-bundle
Provide '@Secure' annotation to secure actions in controllers by specifying required roles
Type:symfony-bundle
Requires
- php: >=5.3.2
- doctrine/annotations: @stable
- symfony/framework-bundle: >=2.8
- symfony/security-acl: >=2.8
- symfony/security-bundle: >=2.8
Requires (Dev)
- doctrine/doctrine-bundle: @stable
This package is not auto-updated.
Last update: 2025-01-18 16:33:15 UTC
README
Provide '@Secure' annotation to secure actions in controllers by specifying required roles.
NB: Instead of this bundle you may want to use the @Security annotation provided by the SensioFrameworkExtraBundle (Symfony 2.4+ feature).
NB: This bundle was created because the JMSSecurityExtraBundle is no longer provided in Symfony 2.3 (due to a license incompatibility) and this was the only feature we needed.
Requirements
- PHP 5.3
- Symfony 2.8
Installation
Installation is broken down into the following steps:
- Download LswSecureControllerBundle using composer
- Enable the Bundle
Step 1: Download LswSecureControllerBundle using composer
Add LswSecureControllerBundle in your composer.json:
    {
        "require": {
            "leaseweb/secure-controller-bundle": "*",
            ...
        }
    }
Now tell composer to download the bundle by running the command:
$ php composer.phar update leaseweb/secure-controller-bundle
Composer will install the bundle to your project's vendor/leaseweb directory.
Step 2: Enable the bundle
Enable the bundle in the kernel:
    <?php
    // app/AppKernel.php

    public function registerBundles()
    {
        $bundles = array(
            // ...
            new Lsw\SecureControllerBundle\LswSecureControllerBundle(),
        );

        // ...

        return $bundles;
    }
Usage
As an example, we show how to use the '@Secure' annotation in the AcmeDemoBundle to secure the "hello world" page so that it requires the role "ROLE_TEST" to execute.
In src/Acme/DemoBundle/Controller/SecuredController.php you should add the following line on top, but under the namespace definition:
use Lsw\SecureControllerBundle\Annotation\Secure;
To require the role "ROLE_TEST" for "helloAction" in the "SecuredController", add the line @Secure(roles="ROLE_TEST") to the DocBlock of "helloAction" like this:
    /**
     * @Secure(roles="ROLE_TEST")
     * @Route("/hello", defaults={"name"="World"})
     * @Route("/hello/{name}", name="_demo_secured_hello")
     * @Template()
     */
    public function helloAction($name)
    {
        return array('name' => $name);
    }
Or to the DocBlock of the controller like this:
    /**
     * @Secure(roles="ROLE_TEST")
     */
    class AdminController extends Controller
    {
        ...
    }
If the user does not have the role the following error should appear when accessing the action:
Current user is not granted required role "ROLE_TEST".
403 Forbidden - AccessDeniedHttpException
1 linked Exception:
If you put the "@Secure" annotation on an action that is not behind a firewall you get this error:
@Secure(...) annotation found without firewall on "helloAction" in ".../src/Acme/DemoBundle/Controller/DemoController.php"
500 Internal Server Error - AuthenticationCredentialsNotFoundException
Note that you can configure the firewall in app/config/security.yml.
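Because '@Secure' is opt-in, an action that carries it neither on its own DocBlock nor on its controller class gets no role requirement from this bundle. The script below is an added example, not part of the bundle or its README, that lists such actions for review; the file name audit-secure.php, the SECURE constant, the findUnsecuredActions helper and the Symfony 2.8 standard-edition paths (app/autoload.php, PSR-0 controllers under src/) are assumptions.

```php
<?php
// audit-secure.php (added example, not part of LswSecureControllerBundle).
// Assumptions: run from the root of a Symfony 2.8 standard-edition project,
// Unix-style paths, app/autoload.php registers the annotation class loader.
use Doctrine\Common\Annotations\AnnotationReader;

require __DIR__ . '/app/autoload.php';

const SECURE = 'Lsw\SecureControllerBundle\Annotation\Secure';

// Return "Class::method" for every action that has no @Secure annotation
// on the method or on its controller class.
function findUnsecuredActions(AnnotationReader $reader, array $classNames)
{
    $unsecured = array();
    foreach ($classNames as $className) {
        $class = new ReflectionClass($className);
        // A class-level @Secure covers every action in the controller.
        if ($class->isAbstract() || $reader->getClassAnnotation($class, SECURE)) {
            continue;
        }
        foreach ($class->getMethods(ReflectionMethod::IS_PUBLIC) as $method) {
            // Symfony 2 convention: action methods are named "...Action".
            $isAction = substr($method->getName(), -6) === 'Action';
            if ($isAction && !$reader->getMethodAnnotation($method, SECURE)) {
                $unsecured[] = $className . '::' . $method->getName();
            }
        }
    }
    return $unsecured;
}

// Map src/Acme/DemoBundle/Controller/FooController.php to its PSR-0 class name.
$classNames = array();
$srcDir = __DIR__ . '/src';
$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($srcDir));
foreach ($files as $file) {
    $relative = substr($file->getPathname(), strlen($srcDir) + 1);
    if (preg_match('#^(.+/Controller/.+Controller)\.php$#', $relative, $m)) {
        $classNames[] = str_replace('/', '\\', $m[1]);
    }
}

$unsecured = findUnsecuredActions(new AnnotationReader(), $classNames);
foreach ($unsecured as $action) {
    echo "no @Secure: $action\n";
}
exit(count($unsecured) > 0 ? 1 : 0); // non-zero exit lets a CI job flag the list
```

Actions that are meant to be public are listed too, so treat the output as a review list. The script does not check whether an annotated action sits behind a firewall.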
Credits
This would not have been possible without Matthias Noback's excellent posts:
- Symfony2 & Doctrine Common: creating powerful annotations
- Prevent Controller Execution with Annotations and Return a Custom Response
Contributors
License
This bundle is under the MIT license.