New in Symfony 3.1: Improved the Security Profiler Panel

Contributed by
Javier Eguiluz
in #17887.

The Symfony Profiler (and the web debug toolbar) are the most useful tools to check out what's going on during the execution of your application. Most of the profiler panels provide lots of information, except one of them: the security panel.

This is how the current security panel looks for the Symfony Demo application:

You can see the username of the logged in user, their roles, the token class and that's all. Considering that the Symfony Security component is a complex beast, you may be wondering where's all the information missing in that panel.

In Symfony 3.1 we decided to update this panel to provide much more information. First, we'll list the security voters active in your application and the voting strategy used:

In addition, we now log all the voting decisions made during the rendering of the page. Consider for example the Symfony Demo page that renders a single blog post. In the base template, the application checks whether the user is an admin:

1
2
3
{% if is_granted('ROLE_ADMIN') %}
    <a href="{{ path('admin_post_index') }}">...</a>
{% endif %}

In addition, the template that renders the blog post checks whether the user is logged to decide if they can post comments:

1
2
3
4
5
{% if is_granted('IS_AUTHENTICATED_FULLY') %}
    {{ render(controller('AppBundle:Blog:commentForm', { id: post.id })) }}
{% else %}
    ...
{% endif %}

These security checks performed with the is_granted() helper are now logged and displayed in the security panel to help you debug any issue:

In this simple example, the object is always null and the attribute is just a string, but the profiler supports any kind of object or data type and multiple attributes too. Besides, they are always properly formatted to improve your productivity:

The Symfony Demo application only makes security decisions in the templates with the is_granted() helper, but if your application uses the isGranted() method in your PHP code, those decisions will also be logged.

Combining all these new features, this is how the screenshot showed at the beginning of this article will look in Symfony 3.1:

Comments

That's cool nice improvement
Awesome!
Great news!!!
Thank you Javier !
I think there should be File/Line number (or stack trace) where access decision was requested
Much appreciated! Thanks! :)
awesome!
Great feature!
Excellent ! Very usefull feature.
This will definitely help us with debugging a lot!

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.