12/07/2015 - SYMFONY
Kullanıcılar sadece izinli oldukları adreslere girebilirler, aksi takdirde "403 Forbidden. Access Denied" hatası alırlar. Aşağıdaki örnek bu mantığa dayalıdır. Ayrıca kullanıcılar, roller, username, password ve URIler "security.yml" içinde belirtilmişlerdir. Daha fazla bilgi için buraya tıklayın.
Aşağıdaki örnekte "Backend" ve "Frontend" bundle serileri var. "Backend" sadece Admin ve Superadmin rolleri tarafından ulaşılabilir, "Frontend" ise tüm roller tarafından ulaşılabilir olduğu gibi, DefaultController için hiçbir role gerek yoktur. Not: Bu yöntem bize "Logout" seçeneği vermez.
http://football.local/ : IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/list : IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/country : ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/country/list : ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/backend : ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/backend/list : ROLE_ADMIN, ROLE_SUPER_ADMIN
http://football.local/backend/secret : ROLE_SUPER_ADMIN
http://football.local/backend/superadmin : ROLE_SUPER_ADMIN
http://football.local/backend/superadmin/list : ROLE_SUPER_ADMIN
Bir kullanıcıya birden fazla rol atamak için roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] kullanabilirsiniz. access_control kuralları yukarıdan aşağıya değerlendirilir ve ilk eşleşen kural uygulanır; bu yüzden listeye en sınırlı (en özel) URIler ile başlayın.
security:
    # Passwords of the in-memory users are stored as bcrypt hashes; cost 12 is
    # a reasonable default for 2015-era hardware and can be raised later.
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12

    providers:
        in_memory:
            memory:
                users:
                    # Demo accounts. The trailing comment after each hash appears to
                    # be the plaintext it was made from, so this file discloses the
                    # credentials to anyone who can read it; keep it out of real
                    # deployments and rotate the hashes if it is ever reused.
                    basic:
                        password: $2a$12$Mnp6eUx1AJ5YABwmprcu/OHo21klIpQ/PA7D7PdKx5SA4urdav6/e #basic
                        roles: ROLE_USER
                    admin:
                        password: $2a$12$aRC0GRcjZS9bXfQYlpT8f.JkkrwuK0xZwKuoQ78i1CsErbHtriWLm #admin
                        roles: ROLE_ADMIN
                    super:
                        password: $2a$12$7SeyjOot3/3Ez1c0Dm8W0u/EenNEs8ykOl16D5aKkJkzLEq4lvXP2 #super
                        roles: ROLE_SUPER_ADMIN

    firewalls:
        # Profiler, debug toolbar and static assets bypass security entirely;
        # this firewall belongs to the dev environment only.
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false

        default:
            # Unauthenticated requests get an anonymous token (no roles on it),
            # which is what the ^/ rule below relies on.
            anonymous: ~
            # HTTP Basic resends the username:password pair (base64, not
            # encrypted) on every request, so serve the site over TLS — e.g.
            # add requires_channel: https to the access_control rules.
            http_basic: ~ #Pops up a login popup in browser

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        # ROLE_ALLOWED_TO_SWITCH only has an effect when a firewall enables
        # switch_user (impersonation); none of the firewalls above does.
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    # Rules are evaluated top to bottom and the first matching path wins, so the
    # most specific paths come first: ^/backend/secret and ^/backend/superadmin
    # must precede ^/backend, otherwise ROLE_ADMIN would be enough to reach them.
    access_control:
        - { path: ^/backend/superadmin, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend/secret, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend, role: ROLE_ADMIN }
        - { path: ^/country, role: ROLE_USER }
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Frontend controllers are registered as services so the templating engine and
# the security context can be constructor-injected (see the @Route service= tag
# on each controller class).
services:
    application_frontend.controller.default:
        class: Application\FrontendBundle\Controller\DefaultController
        arguments:
            - @templating
            # security.context is deprecated since Symfony 2.6 in favour of
            # security.token_storage / security.authorization_checker.
            - @security.context

    application_frontend.controller.country:
        class: Application\FrontendBundle\Controller\CountryController
        arguments:
            - @templating
            - @security.context
namespace Application\FrontendBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
use Symfony\Component\HttpFoundation\Response;
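/**
 * Frontend landing pages. The ^/ rule in security.yml access_control grants
 * IS_AUTHENTICATED_ANONYMOUSLY here, so a request may carry an anonymous
 * token with no roles on it (or, outside any firewall, no token at all).
 *
 * @Route("", service="application_frontend.controller.default")
 */
class DefaultController extends Controller
{
    /** Label printed when the current token has no role or no username. */
    const NONE = 'none';

    private $templating;
    private $securityContext;

    /**
     * @param EngineInterface          $templating      Templating engine (services.yml: @templating)
     * @param SecurityContextInterface $securityContext Source of the current token (@security.context)
     */
    public function __construct(
        EngineInterface $templating,
        SecurityContextInterface $securityContext
    ) {
        $this->templating = $templating;
        $this->securityContext = $securityContext;
    }

    /**
     * GET / — reachable without logging in.
     *
     * @Route("")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function indexAction()
    {
        $message = sprintf('
Controller: /
Method: indexAction
Valid Roles: IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * GET /list — reachable without logging in.
     *
     * @Route("/list")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function listAction()
    {
        $message = sprintf('
Controller: /list
Method: listAction
Valid Roles: IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * Names of every role on the current token, comma separated.
     *
     * Reading getRoles()[0]->getRole() directly (as the actions used to) shows
     * only the first role of a multi-role user and, on a token without roles
     * (an anonymous visitor) or with no token at all, indexes a missing offset
     * and then calls getRole() on null. Both cases are handled here.
     *
     * @return string
     */
    private function getCurrentRoles()
    {
        $token = $this->securityContext->getToken();
        if (null === $token) {
            return self::NONE;
        }

        $names = [];
        foreach ($token->getRoles() as $role) {
            $names[] = $role->getRole();
        }

        return $names === [] ? self::NONE : implode(', ', $names);
    }

    /**
     * Username of the current token, or the NONE label when there is no token.
     *
     * The template prints the message with |raw (no autoescaping); this is only
     * acceptable while usernames come from the fixed in_memory provider in
     * security.yml — escape here before switching to a user-editable provider.
     *
     * @return string
     */
    private function getCurrentUsername()
    {
        $token = $this->securityContext->getToken();

        return null === $token ? self::NONE : $token->getUsername();
    }

    /**
     * Renders a Default-bundle twig template into a Response.
     *
     * @param string $template   Template name without the ".html.twig" suffix
     * @param array  $parameters Variables made available to the template
     *
     * @return Response
     */
    private function getTemplate($template, array $parameters = [])
    {
        return $this->templating->renderResponse(
            sprintf('ApplicationFrontendBundle:Default:%s.html.twig', $template),
            $parameters
        );
    }
}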
namespace Application\FrontendBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
use Symfony\Component\HttpFoundation\Response;
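/**
 * Country pages: the ^/country access_control rule requires ROLE_USER, which
 * ROLE_ADMIN and ROLE_SUPER_ADMIN inherit through role_hierarchy.
 *
 * @Route("country", service="application_frontend.controller.country")
 */
class CountryController extends Controller
{
    /** Label printed when the current token has no role or no username. */
    const NONE = 'none';

    private $templating;
    private $securityContext;

    /**
     * @param EngineInterface          $templating      Templating engine (services.yml: @templating)
     * @param SecurityContextInterface $securityContext Source of the current token (@security.context)
     */
    public function __construct(
        EngineInterface $templating,
        SecurityContextInterface $securityContext
    ) {
        $this->templating = $templating;
        $this->securityContext = $securityContext;
    }

    /**
     * GET /country
     *
     * @Route("")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function indexAction()
    {
        $message = sprintf('
Controller: /country
Method: indexAction
Valid Roles: ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * GET /country/list
     *
     * @Route("/list")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function listAction()
    {
        $message = sprintf('
Controller: /country/list
Method: listAction
Valid Roles: ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * Names of every role on the current token, comma separated.
     *
     * getRoles()[0]->getRole() (the previous form) reports only the first role,
     * so a user configured with roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] would be
     * shown as ROLE_ADMIN only; it also breaks on a token without roles or
     * without a token at all. All roles are listed and both cases are guarded.
     *
     * @return string
     */
    private function getCurrentRoles()
    {
        $token = $this->securityContext->getToken();
        if (null === $token) {
            return self::NONE;
        }

        $names = [];
        foreach ($token->getRoles() as $role) {
            $names[] = $role->getRole();
        }

        return $names === [] ? self::NONE : implode(', ', $names);
    }

    /**
     * Username of the current token, or the NONE label when there is no token.
     *
     * The template prints the message with |raw (no autoescaping); this is only
     * acceptable while usernames come from the fixed in_memory provider in
     * security.yml — escape here before switching to a user-editable provider.
     *
     * @return string
     */
    private function getCurrentUsername()
    {
        $token = $this->securityContext->getToken();

        return null === $token ? self::NONE : $token->getUsername();
    }

    /**
     * Renders a Default-bundle twig template into a Response.
     *
     * @param string $template   Template name without the ".html.twig" suffix
     * @param array  $parameters Variables made available to the template
     *
     * @return Response
     */
    private function getTemplate($template, array $parameters = [])
    {
        return $this->templating->renderResponse(
            sprintf('ApplicationFrontendBundle:Default:%s.html.twig', $template),
            $parameters
        );
    }
}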
{% extends '::base.html.twig' %}

{% block body %}
    {# message is built in the controller and printed unescaped: |raw switches
       off Twig's HTML autoescaping. It embeds the token username, which in this
       demo comes from the fixed in_memory users in security.yml; drop |raw (or
       escape in the controller) before wiring in a provider with user-chosen
       names, or the value becomes an HTML injection point. #}
    {% spaceless %}
        {{ message|raw }}
    {% endspaceless %}
{% endblock %}
# Backend controllers are registered as services so the templating engine and
# the security context can be constructor-injected (see the @Route service= tag
# on each controller class). Access to them is restricted by the ^/backend
# rules in security.yml, not by anything in this file.
services:
    application_backend.controller.default:
        class: Application\BackendBundle\Controller\DefaultController
        arguments:
            - @templating
            # security.context is deprecated since Symfony 2.6 in favour of
            # security.token_storage / security.authorization_checker.
            - @security.context

    application_backend.controller.superadmin:
        class: Application\BackendBundle\Controller\SuperadminController
        arguments:
            - @templating
            - @security.context
namespace Application\BackendBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
use Symfony\Component\HttpFoundation\Response;
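/**
 * Backend pages. security.yml requires ROLE_ADMIN for ^/backend and
 * ROLE_SUPER_ADMIN for ^/backend/secret; the controller itself performs no
 * authorization, so those access_control rules are the only gate.
 *
 * @Route("", service="application_backend.controller.default")
 */
class DefaultController extends Controller
{
    /** Label printed when the current token has no role or no username. */
    const NONE = 'none';

    private $templating;
    private $securityContext;

    /**
     * @param EngineInterface          $templating      Templating engine (services.yml: @templating)
     * @param SecurityContextInterface $securityContext Source of the current token (@security.context)
     */
    public function __construct(
        EngineInterface $templating,
        SecurityContextInterface $securityContext
    ) {
        $this->templating = $templating;
        $this->securityContext = $securityContext;
    }

    /**
     * GET /backend
     *
     * @Route("")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function indexAction()
    {
        $message = sprintf('
Controller: /backend
Method: indexAction
Valid Roles: ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * GET /backend/list
     *
     * @Route("/list")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function listAction()
    {
        $message = sprintf('
Controller: /backend/list
Method: listAction
Valid Roles: ROLE_ADMIN, ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * GET /backend/secret — restricted to ROLE_SUPER_ADMIN by the access_control
     * rule that is listed before the broader ^/backend rule.
     *
     * @Route("/secret")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function secretAction()
    {
        $message = sprintf('
Controller: /backend/secret
Method: secretAction
Valid Roles: ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * Names of every role on the current token, comma separated.
     *
     * getRoles()[0]->getRole() (the previous form) reports only the first role,
     * so a user configured with roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] would be
     * shown as ROLE_ADMIN only; it also breaks on a token without roles or
     * without a token at all. All roles are listed and both cases are guarded.
     *
     * @return string
     */
    private function getCurrentRoles()
    {
        $token = $this->securityContext->getToken();
        if (null === $token) {
            return self::NONE;
        }

        $names = [];
        foreach ($token->getRoles() as $role) {
            $names[] = $role->getRole();
        }

        return $names === [] ? self::NONE : implode(', ', $names);
    }

    /**
     * Username of the current token, or the NONE label when there is no token.
     *
     * The template prints the message with |raw (no autoescaping); this is only
     * acceptable while usernames come from the fixed in_memory provider in
     * security.yml — escape here before switching to a user-editable provider.
     *
     * @return string
     */
    private function getCurrentUsername()
    {
        $token = $this->securityContext->getToken();

        return null === $token ? self::NONE : $token->getUsername();
    }

    /**
     * Renders a Default-bundle twig template into a Response.
     *
     * @param string $template   Template name without the ".html.twig" suffix
     * @param array  $parameters Variables made available to the template
     *
     * @return Response
     */
    private function getTemplate($template, array $parameters = [])
    {
        return $this->templating->renderResponse(
            sprintf('ApplicationBackendBundle:Default:%s.html.twig', $template),
            $parameters
        );
    }
}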
namespace Application\BackendBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
use Symfony\Component\HttpFoundation\Response;
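/**
 * Superadmin pages, gated by the ^/backend/superadmin access_control rule
 * (ROLE_SUPER_ADMIN). The controller does no authorization of its own.
 *
 * @Route("superadmin", service="application_backend.controller.superadmin")
 */
class SuperadminController extends Controller
{
    /** Label printed when the current token has no role or no username. */
    const NONE = 'none';

    private $templating;
    private $securityContext;

    /**
     * @param EngineInterface          $templating      Templating engine (services.yml: @templating)
     * @param SecurityContextInterface $securityContext Source of the current token (@security.context)
     */
    public function __construct(
        EngineInterface $templating,
        SecurityContextInterface $securityContext
    ) {
        $this->templating = $templating;
        $this->securityContext = $securityContext;
    }

    /**
     * GET /backend/superadmin
     *
     * @Route("")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function indexAction()
    {
        $message = sprintf('
Controller: /backend/superadmin
Method: indexAction
Valid Roles: ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * GET /backend/superadmin/list
     *
     * @Route("/list")
     * @Method({"GET"})
     *
     * @return Response
     */
    public function listAction()
    {
        $message = sprintf('
Controller: /backend/superadmin/list
Method: listAction
Valid Roles: ROLE_SUPER_ADMIN
Current Role: %s
Username: %s',
            $this->getCurrentRoles(),
            $this->getCurrentUsername()
        );

        return $this->getTemplate('index', ['message' => $message]);
    }

    /**
     * Names of every role on the current token, comma separated.
     *
     * getRoles()[0]->getRole() (the previous form) reports only the first role,
     * so a user configured with roles: [ROLE_ADMIN, ROLE_SUPER_ADMIN] would be
     * shown as ROLE_ADMIN only; it also breaks on a token without roles or
     * without a token at all. All roles are listed and both cases are guarded.
     *
     * @return string
     */
    private function getCurrentRoles()
    {
        $token = $this->securityContext->getToken();
        if (null === $token) {
            return self::NONE;
        }

        $names = [];
        foreach ($token->getRoles() as $role) {
            $names[] = $role->getRole();
        }

        return $names === [] ? self::NONE : implode(', ', $names);
    }

    /**
     * Username of the current token, or the NONE label when there is no token.
     *
     * The template prints the message with |raw (no autoescaping); this is only
     * acceptable while usernames come from the fixed in_memory provider in
     * security.yml — escape here before switching to a user-editable provider.
     *
     * @return string
     */
    private function getCurrentUsername()
    {
        $token = $this->securityContext->getToken();

        return null === $token ? self::NONE : $token->getUsername();
    }

    /**
     * Renders a twig template into a Response. Note the Default directory is
     * used even for this controller, matching the original template location.
     *
     * @param string $template   Template name without the ".html.twig" suffix
     * @param array  $parameters Variables made available to the template
     *
     * @return Response
     */
    private function getTemplate($template, array $parameters = [])
    {
        return $this->templating->renderResponse(
            sprintf('ApplicationBackendBundle:Default:%s.html.twig', $template),
            $parameters
        );
    }
}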
{% extends '::base.html.twig' %}

{% block body %}
    {# message is built in the controller and printed unescaped: |raw switches
       off Twig's HTML autoescaping. It embeds the token username, which in this
       demo comes from the fixed in_memory users in security.yml; drop |raw (or
       escape in the controller) before wiring in a provider with user-chosen
       names, or the value becomes an HTML injection point. #}
    {% spaceless %}
        {{ message|raw }}
    {% endspaceless %}
{% endblock %}