Symfony Security: Beautiful Authentication, Powerful Authorization

Oh no, it's time to add security! Ahhh!

Wait, come back! Security in Symfony is awesome! Seriously, between things called "voters" and the Guard authentication system, you can do anything you want inside of Symfony, and the code to do it is simple and expressive.

Security has two sides: authentication (who are you?) and authorization (do you have access to do X). We'll talk about each of these, creating an traditional form login system and and API token authentication. Then, we'll turn to authorization, with roles, voters and other good stuff:

• Making a User with the fancy new make:user command (ooOOOoo)
• Security & Firewall Fundamentals
• Creating a custom login form
• CSRF protection
• API token authentication system
• All about Guard authentication
• User Providers (why you need them, but don't care)
• Password Encryption
• Logging out!
• Protecting entire URLs with access_control(s)
• IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED
• Checking access with roles! ROLE_USER
• Denying access in a controller
• What are voters?
• Role hierarchies
• Impersonation (switch_user)
• Automatic Login (after Registration)

... and how to create a back door into your... spaceship... that will allow it to be destroyed with one careful shot. Just kidding! Let's make some secure sites / spaceships!

Темы: Symfony

Инструменты: PHP Frameworks

Направления: Web Development Web Security