123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364 |
- <?php
-
- /*
- * This file is part of the Symfony framework.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * This source file is subject to the MIT license that is bundled
- * with this source code in the file LICENSE.
- */
-
- namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
-
- use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
-
- use Symfony\Component\Config\Definition\Builder\TreeBuilder;
- use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
- use Symfony\Component\Config\Definition\ConfigurationInterface;
-
- /**
- * This class contains the configuration information for the following tags:
- *
- * * security.config
- * * security.acl
- *
- * This information is solely responsible for how the different configuration
- * sections are normalized, and merged.
- *
- * @author Johannes M. Schmitt <schmittjoh@gmail.com>
- */
- class MainConfiguration implements ConfigurationInterface
- {
- private $factories;
-
- /**
- * Constructor.
- *
- * @param array $factories
- */
- public function __construct(array $factories)
- {
- $this->factories = $factories;
- }
-
- /**
- * Generates the configuration tree builder.
- *
- * @return \Symfony\Component\Config\Definition\Builder\TreeBuilder The tree builder
- */
- public function getConfigTreeBuilder()
- {
- $tb = new TreeBuilder();
- $rootNode = $tb->root('security');
-
- $rootNode
- ->children()
- ->scalarNode('access_denied_url')->defaultNull()->end()
- ->scalarNode('session_fixation_strategy')->cannotBeEmpty()->defaultValue('migrate')->end()
- ->booleanNode('hide_user_not_found')->defaultTrue()->end()
- ->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
- ->arrayNode('access_decision_manager')
- ->addDefaultsIfNotSet()
- ->children()
- ->scalarNode('strategy')->defaultValue('affirmative')->end()
- ->booleanNode('allow_if_all_abstain')->defaultFalse()->end()
- ->booleanNode('allow_if_equal_granted_denied')->defaultTrue()->end()
- ->end()
- ->end()
- ->end()
- // add a faux-entry for factories, so that no validation error is thrown
- ->fixXmlConfig('factory', 'factories')
- ->children()
- ->arrayNode('factories')->ignoreExtraKeys()->end()
- ->end()
- ;
-
- $this->addAclSection($rootNode);
- $this->addEncodersSection($rootNode);
- $this->addProvidersSection($rootNode);
- $this->addFirewallsSection($rootNode, $this->factories);
- $this->addAccessControlSection($rootNode);
- $this->addRoleHierarchySection($rootNode);
-
- return $tb;
- }
-
- private function addAclSection(ArrayNodeDefinition $rootNode)
- {
- $rootNode
- ->children()
- ->arrayNode('acl')
- ->children()
- ->scalarNode('connection')->end()
- ->arrayNode('cache')
- ->addDefaultsIfNotSet()
- ->children()
- ->scalarNode('id')->end()
- ->scalarNode('prefix')->defaultValue('sf2_acl_')->end()
- ->end()
- ->end()
- ->scalarNode('provider')->end()
- ->arrayNode('tables')
- ->addDefaultsIfNotSet()
- ->children()
- ->scalarNode('class')->defaultValue('acl_classes')->end()
- ->scalarNode('entry')->defaultValue('acl_entries')->end()
- ->scalarNode('object_identity')->defaultValue('acl_object_identities')->end()
- ->scalarNode('object_identity_ancestors')->defaultValue('acl_object_identity_ancestors')->end()
- ->scalarNode('security_identity')->defaultValue('acl_security_identities')->end()
- ->end()
- ->end()
- ->arrayNode('voter')
- ->addDefaultsIfNotSet()
- ->children()
- ->booleanNode('allow_if_object_identity_unavailable')->defaultTrue()->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ;
- }
-
- private function addRoleHierarchySection(ArrayNodeDefinition $rootNode)
- {
- $rootNode
- ->fixXmlConfig('role', 'role_hierarchy')
- ->children()
- ->arrayNode('role_hierarchy')
- ->useAttributeAsKey('id')
- ->prototype('array')
- ->performNoDeepMerging()
- ->beforeNormalization()->ifString()->then(function($v) { return array('value' => $v); })->end()
- ->beforeNormalization()
- ->ifTrue(function($v) { return is_array($v) && isset($v['value']); })
- ->then(function($v) { return preg_split('/\s*,\s*/', $v['value']); })
- ->end()
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->end()
- ;
- }
-
- private function addAccessControlSection(ArrayNodeDefinition $rootNode)
- {
- $rootNode
- ->fixXmlConfig('rule', 'access_control')
- ->children()
- ->arrayNode('access_control')
- ->cannotBeOverwritten()
- ->prototype('array')
- ->children()
- ->scalarNode('requires_channel')->defaultNull()->end()
- ->scalarNode('path')->defaultNull()->end()
- ->scalarNode('host')->defaultNull()->end()
- ->scalarNode('ip')->defaultNull()->end()
- ->arrayNode('methods')
- ->beforeNormalization()->ifString()->then(function($v) { return preg_split('/\s*,\s*/', $v); })->end()
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->fixXmlConfig('role')
- ->children()
- ->arrayNode('roles')
- ->beforeNormalization()->ifString()->then(function($v) { return preg_split('/\s*,\s*/', $v); })->end()
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ;
- }
-
- private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $factories)
- {
- $firewallNodeBuilder = $rootNode
- ->fixXmlConfig('firewall')
- ->children()
- ->arrayNode('firewalls')
- ->isRequired()
- ->requiresAtLeastOneElement()
- ->disallowNewKeysInSubsequentConfigs()
- ->useAttributeAsKey('name')
- ->prototype('array')
- ->children()
- ;
-
- $firewallNodeBuilder
- ->scalarNode('pattern')->end()
- ->booleanNode('security')->defaultTrue()->end()
- ->scalarNode('request_matcher')->end()
- ->scalarNode('access_denied_url')->end()
- ->scalarNode('access_denied_handler')->end()
- ->scalarNode('entry_point')->end()
- ->scalarNode('provider')->end()
- ->booleanNode('stateless')->defaultFalse()->end()
- ->scalarNode('context')->cannotBeEmpty()->end()
- ->arrayNode('logout')
- ->treatTrueLike(array())
- ->canBeUnset()
- ->children()
- ->scalarNode('path')->defaultValue('/logout')->end()
- ->scalarNode('target')->defaultValue('/')->end()
- ->scalarNode('success_handler')->end()
- ->booleanNode('invalidate_session')->defaultTrue()->end()
- ->end()
- ->fixXmlConfig('delete_cookie')
- ->children()
- ->arrayNode('delete_cookies')
- ->beforeNormalization()
- ->ifTrue(function($v) { return is_array($v) && is_int(key($v)); })
- ->then(function($v) { return array_map(function($v) { return array('name' => $v); }, $v); })
- ->end()
- ->useAttributeAsKey('name')
- ->prototype('array')
- ->children()
- ->scalarNode('path')->defaultNull()->end()
- ->scalarNode('domain')->defaultNull()->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->fixXmlConfig('handler')
- ->children()
- ->arrayNode('handlers')
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->end()
- ->arrayNode('anonymous')
- ->canBeUnset()
- ->children()
- ->scalarNode('key')->defaultValue(uniqid())->end()
- ->end()
- ->end()
- ->arrayNode('switch_user')
- ->canBeUnset()
- ->children()
- ->scalarNode('provider')->end()
- ->scalarNode('parameter')->defaultValue('_switch_user')->end()
- ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
- ->end()
- ->end()
- ;
-
- $abstractFactoryKeys = array();
- foreach ($factories as $factoriesAtPosition) {
- foreach ($factoriesAtPosition as $factory) {
- $name = str_replace('-', '_', $factory->getKey());
- $factoryNode = $firewallNodeBuilder->arrayNode($name)
- ->canBeUnset()
- ;
-
- if ($factory instanceof AbstractFactory) {
- $abstractFactoryKeys[] = $name;
- }
-
- $factory->addConfiguration($factoryNode);
- }
- }
-
- // check for unreachable check paths
- $firewallNodeBuilder
- ->end()
- ->validate()
- ->ifTrue(function($v) {
- return true === $v['security'] && isset($v['pattern']) && !isset($v['request_matcher']);
- })
- ->then(function($firewall) use($abstractFactoryKeys) {
- foreach ($abstractFactoryKeys as $k) {
- if (!isset($firewall[$k]['check_path'])) {
- continue;
- }
-
- if (false !== strpos('/', $firewall[$k]['check_path']) && !preg_match('#'.$firewall['pattern'].'#', $firewall[$k]['check_path'])) {
- throw new \LogicException(sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern']));
- }
- }
-
- return $firewall;
- })
- ->end()
- ;
- }
-
- private function addProvidersSection(ArrayNodeDefinition $rootNode)
- {
- $rootNode
- ->fixXmlConfig('provider')
- ->children()
- ->arrayNode('providers')
- ->disallowNewKeysInSubsequentConfigs()
- ->isRequired()
- ->requiresAtLeastOneElement()
- ->useAttributeAsKey('name')
- ->prototype('array')
- ->children()
- ->scalarNode('id')->end()
- ->arrayNode('entity')
- ->children()
- ->scalarNode('class')->isRequired()->cannotBeEmpty()->end()
- ->scalarNode('property')->defaultNull()->end()
- ->end()
- ->end()
- ->end()
- ->fixXmlConfig('provider')
- ->children()
- ->arrayNode('providers')
- ->beforeNormalization()
- ->ifString()
- ->then(function($v) { return preg_split('/\s*,\s*/', $v); })
- ->end()
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->fixXmlConfig('user')
- ->children()
- ->arrayNode('users')
- ->useAttributeAsKey('name')
- ->prototype('array')
- ->children()
- ->scalarNode('password')->defaultValue(uniqid())->end()
- ->arrayNode('roles')
- ->beforeNormalization()->ifString()->then(function($v) { return preg_split('/\s*,\s*/', $v); })->end()
- ->prototype('scalar')->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ;
- }
-
- private function addEncodersSection(ArrayNodeDefinition $rootNode)
- {
- $rootNode
- ->fixXmlConfig('encoder')
- ->children()
- ->arrayNode('encoders')
- ->requiresAtLeastOneElement()
- ->useAttributeAsKey('class')
- ->prototype('array')
- ->canBeUnset()
- ->performNoDeepMerging()
- ->beforeNormalization()->ifString()->then(function($v) { return array('algorithm' => $v); })->end()
- ->children()
- ->scalarNode('algorithm')->cannotBeEmpty()->end()
- ->booleanNode('ignore_case')->defaultFalse()->end()
- ->booleanNode('encode_as_base64')->defaultTrue()->end()
- ->scalarNode('iterations')->defaultValue(5000)->end()
- ->scalarNode('id')->end()
- ->end()
- ->end()
- ->end()
- ->end()
- ;
- }
- }
|