The Symfony Security component is divided into two main parts: authentication and authorization. The authorization subsystem checks whether the user has permission to access the given resource. This system is related to roles and voters and is both powerful and simple to use.
The authentication subsystem checks the user identity through any of the supported methods: username + password, certificates, API tokens, etc. This subsystem is powerful and flexible, but lots of Symfony developers struggle with its complexity.
A new security-related component called Guard aims at simplifying the
authentication subsystem. This radical new approach is based on creating just
one PHP class that implements GuardAuthenticatorInterface. This interface
defines the following seven methods:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
interface GuardAuthenticatorInterface
{
/**
* Get the authentication credentials from the request. If you return null,
* authentication will be skipped.
*
* For example, for a form login, you might:
*
* return array(
* 'username' => $request->request->get('_username'),
* 'password' => $request->request->get('_password'),
* );
*
* Or for an API token that's on a header, you might use:
*
* return array('api_key' => $request->headers->get('X-API-TOKEN'));
*/
public function getCredentials(Request $request);
/**
* Return a UserInterface object based on the credentials returned by getCredentials()
*/
public function getUser($credentials, UserProviderInterface $userProvider);
/**
* Throw an AuthenticationException if the credentials returned by
* getCredentials() are invalid.
*/
public function checkCredentials($credentials, UserInterface $user);
/**
* Create an authenticated token for the given user. You can skip this
* method by extending the AbstractGuardAuthenticator class from your
* authenticator.
*/
public function createAuthenticatedToken(UserInterface $user, $providerKey);
/**
* Called when authentication executed, but failed (e.g. wrong username password).
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception);
/**
* Called when authentication executed and was successful (for example a
* RedirectResponse to the last page they visited)
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey);
/**
* Does this method support remember me cookies?
*/
public function supportsRememberMe();
}After implementing this interface you'll be able to authenticate users via login forms, Facebook, Twitter or any other OAuth-based service, API tokens, etc. Moreover, you'll be able to customize successful and failure behavior very easily.
Showing a complete example of the Guard component in action is beyond the purpose of this article, but you can read (and help us finish) the work in progress documentation of the component and its official tutorial.
Than you Ryan Weaver ! :)
Thank you very much Ryan! You did an awesome job. I'm looking forward to seeing Guard authentication in Symfony 2.8. :)
Amazing improvement, keep up the great work.
Great news! Ryan, you're the man! :)
This component is awesome. However, there is the same issue as for the PropertyAccess component: the "Code" links on the following pages:
It should be https://github.com/symfony/security-guard
@Maxime this should be fixed by now. I'll check it again.
As one of the struggling developers, I think this looks a really really great. Thanks a lot!
Now add google or facebook became very simple! Very good job Ryan!
That's awesome !
Finally ! Great Job !
Very good initiative ! It seems easy to tests and very powerful
Good, the full system system was too complicated for a basic use.
@Javier Eguiluz: The "guard" link seems still broken.
Great work Ryan! @Javier GuardAuthenticatorInterface extends from AuthenticationEntryPointInterface, so there is one more method to implement - start()
amazing, thanks ryan and symfony teams.