From 6c9a204ebe15374ecf00bf7ef4d68d6a55f9771a Mon Sep 17 00:00:00 2001 From: Maxime Douailin Date: Fri, 6 Jun 2014 14:59:18 +0200 Subject: [PATCH 1/7] [Cookbook][Security] x509 doc for pre authenticated listeners --- cookbook/security/index.rst | 1 + cookbook/security/pre_authenticated.rst | 73 +++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 cookbook/security/pre_authenticated.rst diff --git a/cookbook/security/index.rst b/cookbook/security/index.rst index 9abede5ed68..a0175648843 100644 --- a/cookbook/security/index.rst +++ b/cookbook/security/index.rst @@ -16,5 +16,6 @@ Security securing_services custom_provider custom_authentication_provider + pre_authenticated target_path csrf_in_login_form diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst new file mode 100644 index 00000000000..f88ba593058 --- /dev/null +++ b/cookbook/security/pre_authenticated.rst 
@@ -0,0 +1,73 @@ +.. index:: + single: Security; Pre authenticated providers + +Using pre authenticated security firewalls +========================================== + +A lot of authentication modules are already provided by some webservers, +including Apache. These modules generally set some environment variables +that can be used to know which user is accessing your application. Out of the +box, Symfony supports most authentication mecanisms. +These are called *pre authenticated* requests because the user is already +authenticated when reaching your application. + +.. note:: + + An authentication provider will only inform the user provider of the username + that made the request. You will need to either use an available + :class:`Symfony\\Component\\Security\\Core\\User\\UserProviderInterface` + or implement your own: + + * :doc:`/cookbook/security/entity_provider` + * :doc:`/cookbook/security/custom_provider` + +X.509 Client certificate authentication +--------------------------------------- + +When using client certificate, your webserver is doing all the authentication +process itself. For Apache, on your VirtualHost, you may use the +``SSLVerifyClient Require`` directive. + +On your Symfony2 application security configuration, you can enable the x509 +authentication firewall: + +.. configuration-block:: + + .. code-block:: yaml + + # app/config/security.yml + security: + firewalls: + secured_area: + pattern: ^/ + x509: + provider: your_user_provider + + .. code-block:: xml + + + + + + + + + .. 
code-block:: php + + // app/config/security.php + $container->loadFromExtension('security', array( + 'firewalls' => array( + 'secured_area' => array( + 'pattern' => '^/' + 'x509' => array( + 'provider' => 'your_user_provider', + ), + ), + ), + )); + +By default, the firewall will provide the ``SSL_CLIENT_S_DN_Email`` variable to +your user provider, and set the ``SSL_CLIENT_S_DN`` as credentials in the +:class:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\PreAuthenticatedToken`. +You can override these by setting respectively the ``user`` and the ``credentials`` keys +in the x509 firewall configuration. From f5a6d5843063c15d7cf28c6b8a2e2ec7b1a83d68 Mon Sep 17 00:00:00 2001 From: Maxime Douailin Date: Fri, 6 Jun 2014 17:21:55 +0200 Subject: [PATCH 2/7] Added pre_authenticated to map.rst --- cookbook/map.rst.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/cookbook/map.rst.inc b/cookbook/map.rst.inc index 9eb4b0ab330..2d3e3101914 100644 --- a/cookbook/map.rst.inc +++ b/cookbook/map.rst.inc @@ -138,6 +138,7 @@ * :doc:`/cookbook/security/securing_services` * :doc:`/cookbook/security/custom_provider` * :doc:`/cookbook/security/custom_authentication_provider` + * :doc:`/cookbook/security/pre_authenticated` * :doc:`/cookbook/security/target_path` * :doc:`/cookbook/security/csrf_in_login_form` From 83c40e9049bf047229562de47dcd20cfc5f79fba Mon Sep 17 00:00:00 2001 From: Maxime Douailin Date: Fri, 6 Jun 2014 17:27:45 +0200 Subject: [PATCH 3/7] Corrected pre_authenticated cookbook entry --- cookbook/security/pre_authenticated.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst index f88ba593058..07c50cd5797 100644 --- a/cookbook/security/pre_authenticated.rst +++ b/cookbook/security/pre_authenticated.rst 
@@ -1,14 +1,14 @@ .. index:: single: Security; Pre authenticated providers -Using pre authenticated security firewalls +Using pre Authenticated Security Firewalls ========================================== A lot of authentication modules are already provided by some webservers, including Apache. These modules generally set some environment variables -that can be used to know which user is accessing your application. Out of the -box, Symfony supports most authentication mecanisms. -These are called *pre authenticated* requests because the user is already +that can be used to determine which user is accessing your application. Out of the +box, Symfony supports most authentication mechanisms. +These requests are called *pre authenticated* requests because the user is already authenticated when reaching your application. .. note:: From 01d18fe18497899b2ec4cd101efdc79eb4b90b52 Mon Sep 17 00:00:00 2001 From: Maxime Douailin Date: Fri, 6 Jun 2014 17:37:57 +0200 Subject: [PATCH 4/7] fixing last issues in pre_authenticated cookbook entry --- cookbook/security/pre_authenticated.rst | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst index 07c50cd5797..5f0ae01e195 100644 --- a/cookbook/security/pre_authenticated.rst +++ b/cookbook/security/pre_authenticated.rst 
@@ -21,15 +21,14 @@ authenticated when reaching your application. * :doc:`/cookbook/security/entity_provider` * :doc:`/cookbook/security/custom_provider` -X.509 Client certificate authentication +X.509 Client Certificate Authentication --------------------------------------- -When using client certificate, your webserver is doing all the authentication -process itself. For Apache, on your VirtualHost, you may use the +When using client certificates, your webserver is doing all the authentication +process itself. With Apache, for example, you would use the ``SSLVerifyClient Require`` directive. -On your Symfony2 application security configuration, you can enable the x509 -authentication firewall: +Enable the x509 authentication for a particular firewall in the security configuration: .. configuration-block:: @@ -66,8 +65,8 @@ authentication firewall: ), )); -By default, the firewall will provide the ``SSL_CLIENT_S_DN_Email`` variable to -your user provider, and set the ``SSL_CLIENT_S_DN`` as credentials in the +By default, the firewall provides the ``SSL_CLIENT_S_DN_Email`` variable to +the user provider, and sets the ``SSL_CLIENT_S_DN`` as credentials in the :class:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\PreAuthenticatedToken`. -You can override these by setting respectively the ``user`` and the ``credentials`` keys -in the x509 firewall configuration. +You can override these by setting the ``user`` and the ``credentials`` keys +in the x509 firewall configuration respectively. From 57cc9577e3f8dbd7c66e45d5cdb14588c4e89bc7 Mon Sep 17 00:00:00 2001 From: Maxime Douailin Date: Sun, 8 Jun 2014 13:45:37 +0200 Subject: [PATCH 5/7] full xml config, pushed the note at the end of the entry --- cookbook/security/pre_authenticated.rst | 40 ++++++++++++++----------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst index 5f0ae01e195..1bc74d7511b 100644 
--- a/cookbook/security/pre_authenticated.rst +++ b/cookbook/security/pre_authenticated.rst @@ -4,23 +4,13 @@ Using pre Authenticated Security Firewalls ========================================== -A lot of authentication modules are already provided by some webservers, +A lot of authentication modules are already provided by some web servers, including Apache. These modules generally set some environment variables -that can be used to determine which user is accessing your application. Out of the +that can be used to determine which user is accessing your application. Out of the box, Symfony supports most authentication mechanisms. These requests are called *pre authenticated* requests because the user is already authenticated when reaching your application. -.. note:: - - An authentication provider will only inform the user provider of the username - that made the request. You will need to either use an available - :class:`Symfony\\Component\\Security\\Core\\User\\UserProviderInterface` - or implement your own: - - * :doc:`/cookbook/security/entity_provider` - * :doc:`/cookbook/security/custom_provider` - X.509 Client Certificate Authentication --------------------------------------- @@ -44,12 +34,17 @@ Enable the x509 authentication for a particular firewall in the security configu .. code-block:: xml + - - - - - + + + + + + + + .. code-block:: php 
@@ -66,7 +61,16 @@ Enable the x509 authentication for a particular firewall in the security configu )); By default, the firewall provides the ``SSL_CLIENT_S_DN_Email`` variable to -the user provider, and sets the ``SSL_CLIENT_S_DN`` as credentials in the +the user provider, and sets the ``SSL_CLIENT_S_DN`` as credentials in the :class:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\PreAuthenticatedToken`. You can override these by setting the ``user`` and the ``credentials`` keys in the x509 firewall configuration respectively. + +.. note:: + + An authentication provider will only inform the user provider of the username + that made the request. You will need to create (or use) a "user provider" that + turns that username into a User object of your choice: + + * :doc:`/cookbook/security/custom_provider` + * :doc:`/cookbook/security/entity_provider` \ No newline at end of file From beeb0574a4c27ce6d7116aba7a761e595e164250 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Sun, 8 Jun 2014 17:21:43 +0200 Subject: [PATCH 6/7] Added May changelog --- changelog.rst | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/changelog.rst b/changelog.rst index ca4723a032d..17d9ba9254e 100644 --- a/changelog.rst +++ b/changelog.rst 
@@ -13,6 +13,68 @@ documentation. Do you also want to participate in the Symfony Documentation? Take a look at the ":doc:`/contributing/documentation/overview`" article. +May, 2014 +--------- + +New Documentation +~~~~~~~~~~~~~~~~~ + +- `af8c20f `_ #3818 [Form customization] added block_name example. (aitboudad) +- `c788325 `_ #3841 [Cookbook][Logging] register processor per handler and per channel (xabbuh) +- `979533a `_ #3839 document how to test actions (greg0ire) +- `d8aaac3 `_ #3835 Updated framework.ide configuration (WouterJ) +- `f665e14 `_ #3704 [Form] Added documentation for Form Events (csarrazi) +- `14b9f14 `_ #3777 added docs for the core team (fabpot) + +Fixed Documentation +~~~~~~~~~~~~~~~~~~~ + +- `0649c21 `_ #3869 Add a missing argument to the PdoSessionHandler (jakzal) +- `259a2b7 `_ #3866 [Book][Security]fixed Login when there is no session. (aitboudad) +- `9b7584f `_ #3863 Error in XML (tvlooy) +- `0cb9c3b `_ #3827 Update 'How to Create and store a Symfony2 Project in Git' (nicwortel) +- `4ed9a08 `_ #3830 Generate an APC prefix based on __FILE__ (trsteel88) +- `9a65412 `_ #3840 Update dialoghelper.rst (jdecoster) +- `1853fea `_ #3716 Fix issue #3712 (umpirsky) +- `80d70a4 `_ #3779 [Book][Security] constants are defined in the SecurityContextInterface (xabbuh) + +Minor Documentation Changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- `302fa82 `_ #3872 Update hostname_pattern.rst (sofany) +- `50672f7 `_ #3867 fixed missing info about FosUserBundle. (aitboudad) +- `b32ec15 `_ #3856 Update voters_data_permission.rst (MarcomTeam) +- `bffe163 `_ #3859 Add filter cssrewrite (DOEO) +- `f617ff8 `_ #3764 Update testing.rst (NAYZO) +- `3792fee `_ #3858 Clarified Password Encoders example (WouterJ) +- `663d68c `_ #3857 Added little bit information about the route name (WouterJ) +- `4211bff `_ #3852 Fixed link and typo in type_guesser.rst (rpg600) +- `78ae7ec `_ #3845 added link to /cookbook/security/force_https. 
(aitboudad) +- `6c69362 `_ #3846 [Routing][Loader] added JMSI18nRoutingBundle (aitboudad) +- `136864b `_ #3844 [Components] Fixed some typos. (ahsio) +- `b0710bc `_ #3842 Update dialoghelper.rst (bijsterdee) +- `9f1a354 `_ #3804 [Components][DependencyInjection] add note about a use case that requires to compile the container (xabbuh) +- `d92c522 `_ #3769 Updated references to new Session() (scottwarren) +- `7288a33 `_ #3789 [Reference][Forms] Improvements to the form type (xabbuh) +- `72fae25 `_ #3790 [Reference][Forms] move versionadded directives for form options directly below the option's headline (xabbuh) +- `b4d4ac3 `_ #3838 fix filename typo in cookbook/form/unit_testing.rst (hice3000) +- `0b06287 `_ #3836 remove unnecessary rewrite from nginx conf (Burgov) +- `e58e39f `_ #3832 fix the wording in versionadded directives (for the 2.3 branch) (xabbuh) +- `09d6ca1 `_ #3829 [Components] consistent headlines (xabbuh) +- `54e0882 `_ #3828 [Contributing] consistent headlines (xabbuh) +- `b1336d7 `_ #3823 Added empty line after if statements (zomberg) +- `79b9fdc `_ #3822 Update voters_data_permission.rst (mimol91) +- `69cb7b8 `_ #3821 Update custom_authentication_provider.rst (leberknecht) +- `9f602c4 `_ #3820 Update page_creation.rst (adreeun) +- `52518c0 `_ #3819 Update csrf_in_login_form.rst (micheal) +- `1adfd9b `_ #3802 Add a note about which types can be used in Symfony (fabpot) +- `fa27ded `_ #3801 [Cookbook][Form] Fixed Typo & missing word. (ahsio) +- `127beed `_ #3770 Update factories.rst (AlaaAttya) +- `822d985 `_ #3817 Update translation.rst (richardpi) +- `241d923 `_ #3813 [Reference][Forms]fix time field count. (yositani2002) +- `bc96f55 `_ #3812 [Cookbook][Configuration] Fixed broken link. (ahsio) +- `5867327 `_ #3809 Fixed typo (WouterJ) + April, 2014 ----------- From b937b41b2cb26aa4c063804228ecd771d97485e2 Mon Sep 17 00:00:00 2001 
From: WouterJ Date: Sun, 8 Jun 2014 17:22:28 +0200 Subject: [PATCH 7/7] Added May changelog --- changelog.rst | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/changelog.rst b/changelog.rst index ef4f2f3226c..db4ed4f8fe0 100644 --- a/changelog.rst +++ b/changelog.rst 
@@ -13,6 +13,71 @@ documentation. Do you also want to participate in the Symfony Documentation? Take a look at the ":doc:`/contributing/documentation/overview`" article. +May, 2014 +--------- + +New Documentation +~~~~~~~~~~~~~~~~~ + +- `e8511cb `_ #3776 Updated event_listener.rst (bfgasparin) +- `af8c20f `_ #3818 [Form customization] added block_name example. (aitboudad) +- `c788325 `_ #3841 [Cookbook][Logging] register processor per handler and per channel (xabbuh) +- `979533a `_ #3839 document how to test actions (greg0ire) +- `d8aaac3 `_ #3835 Updated framework.ide configuration (WouterJ) +- `f665e14 `_ #3704 [Form] Added documentation for Form Events (csarrazi) +- `14b9f14 `_ #3777 added docs for the core team (fabpot) + +Fixed Documentation +~~~~~~~~~~~~~~~~~~~ + +- `0649c21 `_ #3869 Add a missing argument to the PdoSessionHandler (jakzal) +- `259a2b7 `_ #3866 [Book][Security]fixed Login when there is no session. (aitboudad) +- `9b7584f `_ #3863 Error in XML (tvlooy) +- `0cb9c3b `_ #3827 Update 'How to Create and store a Symfony2 Project in Git' (nicwortel) +- `4ed9a08 `_ #3830 Generate an APC prefix based on __FILE__ (trsteel88) +- `9a65412 `_ #3840 Update dialoghelper.rst (jdecoster) +- `1853fea `_ #3716 Fix issue #3712 (umpirsky) +- `80d70a4 `_ #3779 [Book][Security] constants are defined in the SecurityContextInterface (xabbuh) + +Minor Documentation Changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- `302fa82 `_ #3872 Update hostname_pattern.rst (sofany) +- `50672f7 `_ #3867 fixed missing info about FosUserBundle. 
(aitboudad) +- `b32ec15 `_ #3856 Update voters_data_permission.rst (MarcomTeam) +- `bffe163 `_ #3859 Add filter cssrewrite (DOEO) +- `f617ff8 `_ #3764 Update testing.rst (NAYZO) +- `3792fee `_ #3858 Clarified Password Encoders example (WouterJ) +- `663d68c `_ #3857 Added little bit information about the route name (WouterJ) +- `4211bff `_ #3852 Fixed link and typo in type_guesser.rst (rpg600) +- `78ae7ec `_ #3845 added link to /cookbook/security/force_https. (aitboudad) +- `6c69362 `_ #3846 [Routing][Loader] added JMSI18nRoutingBundle (aitboudad) +- `136864b `_ #3844 [Components] Fixed some typos. (ahsio) +- `b0710bc `_ #3842 Update dialoghelper.rst (bijsterdee) +- `9f1a354 `_ #3804 [Components][DependencyInjection] add note about a use case that requires to compile the container (xabbuh) +- `d92c522 `_ #3769 Updated references to new Session() (scottwarren) +- `7288a33 `_ #3789 [Reference][Forms] Improvements to the form type (xabbuh) +- `72fae25 `_ #3790 [Reference][Forms] move versionadded directives for form options directly below the option's headline (xabbuh) +- `b4d4ac3 `_ #3838 fix filename typo in cookbook/form/unit_testing.rst (hice3000) +- `0b06287 `_ #3836 remove unnecessary rewrite from nginx conf (Burgov) +- `89d0dae `_ #3833 fix the wording in versionadded directives (for the 2.4 branch) (xabbuh) +- `e58e39f `_ #3832 fix the wording in versionadded directives (for the 2.3 branch) (xabbuh) +- `09d6ca1 `_ #3829 [Components] consistent headlines (xabbuh) +- `54e0882 `_ #3828 [Contributing] consistent headlines (xabbuh) +- `b1336d7 `_ #3823 Added empty line after if statements (zomberg) +- `79b9fdc `_ #3822 Update voters_data_permission.rst (mimol91) +- `69cb7b8 `_ #3821 Update custom_authentication_provider.rst (leberknecht) +- `9f602c4 `_ #3820 Update page_creation.rst (adreeun) +- `52518c0 `_ #3819 Update csrf_in_login_form.rst (micheal) +- `1adfd9b `_ #3802 Add a note about which types can be used in Symfony (fabpot) +- `fa27ded `_ #3801 
[Cookbook][Form] Fixed Typo & missing word. (ahsio) +- `127beed `_ #3770 Update factories.rst (AlaaAttya) +- `822d985 `_ #3817 Update translation.rst (richardpi) +- `241d923 `_ #3813 [Reference][Forms]fix time field count. (yositani2002) +- `bc96f55 `_ #3812 [Cookbook][Configuration] Fixed broken link. (ahsio) +- `5867327 `_ #3809 Fixed typo (WouterJ) +- `678224e `_ #3808 Fixed broken link in "Handling Authentication Failure" (stacyhorton) + April, 2014 -----------
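Review bot: the PHP example added in PATCH 1/7 (cookbook/security/pre_authenticated.rst, the `.. code-block:: php` block) is not valid PHP. The line `'pattern' => '^/'` has no trailing comma before `'x509' => array(`, so anyone copying the block gets a parse error. Add the comma; the later patches in this series do not touch that line.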
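Review bot: the closing paragraph of pre_authenticated.rst (added in PATCH 1/7, reworded in 4/7) says the firewall hands `SSL_CLIENT_S_DN_Email` to the user provider, but the entry never spells out that the application takes this server variable as the user's identity without checking anything itself. The text already says the web server does the whole authentication process, so add a sentence stating that the x509 firewall should only cover paths where the server really enforces `SSLVerifyClient Require`. Also say what the reader should expect when the certificate subject carries no email address, since that is the case where the `user` key has to be overridden.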
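Review bot: the retitled heading in PATCH 3/7, `Using pre Authenticated Security Firewalls`, capitalises every word except "pre", while PATCH 4/7 moves the section heading to full title case (`X.509 Client Certificate Authentication`). Capitalise "Pre" as well, and settle on one spelling of the term: the index entry and body use "pre authenticated" with a space, the file name uses pre_authenticated.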
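Review bot: PATCH 5/7 leaves cookbook/security/pre_authenticated.rst without a final newline; the last hunk ends with "\ No newline at end of file" after the `:doc:` entity_provider list item. End the file with a newline. The same patch has two -/+ pairs whose visible text is identical (the line ending "accessing your application. Out of the" and the line ending "as credentials in the"), which points to whitespace-only changes; confirm they strip trailing spaces rather than introduce them.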
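Review bot: PATCH 6/7 and 7/7 (both titled "Added May changelog", from a different author than patches 1 to 5) do not belong in a series about the x509 cookbook entry. Both insert a "May, 2014" section at the same position in changelog.rst (`@@ -13,6 +13,...`) against different base blobs (ca4723a032d and ef4f2f3226c), so the second will not apply cleanly on top of the first. They look like commits pulled in by a merge from upstream; rebase the branch so the series contains only the pre_authenticated.rst, index.rst and map.rst.inc changes.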