Add authorization

c15b6b01 · Maxime Veber · 5a79b5c7 · c15b6b01 · c15b6b01 · c15b6b01
Commit c15b6b01 authored 7 years ago by Maxime Veber
--- a/foo.php
+++ b/foo.php
 <?php

 require __DIR__ . '/vendor/autoload.php';
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use BiiG\SecurityTest\Kernel;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Http\FirewallMap;
+use Symfony\Component\HttpFoundation\RequestMatcher,
+    Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage,
+    BiiG\SecurityTest\CustomAuthenticationListener,
+    BiiG\SecurityTest\CustomAuthenticationProvider,
+    Symfony\Component\Security\Http\Firewall,
+    Symfony\Component\HttpKernel\KernelEvents,
+    Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter,
+    Symfony\Component\Security\Core\Role\RoleHierarchy,
+    Symfony\Component\Security\Core\Authorization\AccessDecisionManager
+    ;
+use Symfony\Component\Security\Http\AccessMap;
+use Symfony\Component\Security\Http\Firewall\AccessListener;
+
+
+
+
+$request = Request::createFromGlobals();
+$dispatcher = new EventDispatcher();
+$kernel = new Kernel($dispatcher, function() {
+    return new Response("<h1>Hello</h1>");
+});


-$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
-$dispatcher = new \Symfony\Component\EventDispatcher\EventDispatcher();
-

 ///////////////////////
-/// FIREWALL
-
-$map = new \Symfony\Component\Security\Http\FirewallMap();
-
-$requestMatcher = new \Symfony\Component\HttpFoundation\RequestMatcher('^/');
+/// FIREWALL CONFIG

-$tokenStorage = new \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage();
+$map = new FirewallMap();

+$requestMatcher = new RequestMatcher('^/');
+$tokenStorage = new TokenStorage();
 // instances of Symfony\Component\Security\Http\Firewall\ListenerInterface
+$authManager = new CustomAuthenticationProvider();
 $listeners = [
-    new \BiiG\SecurityTest\CustomAuthenticationListener(
+    new CustomAuthenticationListener(
        $tokenStorage,
-        new \BiiG\SecurityTest\CustomAuthenticationProvider(),
+        $authManager,
        'swagg'
    )
 ];
-
 // The exception listener object is too complex for this example
 /*
 $exceptionListener = new \Symfony\Component\Security\Http\Firewall\ExceptionListener($tokenStorage, $trustResolver);
@@ -33,16 +54,46 @@ $exceptionListener = new \Symfony\Component\Security\Http\Firewall\ExceptionList
 $map->add($requestMatcher, $listeners);


-$firewall = new \Symfony\Component\Security\Http\Firewall($map, $dispatcher);
-
-
+$firewall = new Firewall($map, $dispatcher);
 $dispatcher->addListener(
-    \Symfony\Component\HttpKernel\KernelEvents::REQUEST,
+    KernelEvents::REQUEST,
    array($firewall, 'onKernelRequest')
 );

-$kernel = new \BiiG\SecurityTest\Kernel($dispatcher, function() {
-    echo "<h1>Hello</h1>";
-});
+/////////////////////////
+/// Authorization
+
+// instances of Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
+$voters = [
+    new RoleHierarchyVoter(
+        new RoleHierarchy([
+            'ROLE_SUPER_ADMIN' => [
+                'ROLE_ADMIN',
+                'ROLE_USER'
+            ]
+        ])
+    ),
+];
+$strategy = AccessDecisionManager::STRATEGY_AFFIRMATIVE;
+
+$accessDecisionManager = new AccessDecisionManager(
+    $voters,
+    $strategy
+);
+
+$accessMap = new AccessMap();
+$requestMatcher = new RequestMatcher('^/admin');
+$accessMap->add($requestMatcher, array('ROLE_ADMIN'));
+
+$accessListener = new AccessListener(
+    $tokenStorage,
+    $accessDecisionManager,
+    $accessMap,
+    $authManager
+);
+
+
+/////////////////////////
+/// Run kernel

-$kernel->handle($request);
+$kernel->handle($request)->send();
--- a/src/CustomAuthenticationProvider.php
+++ b/src/CustomAuthenticationProvider.php
@@ -66,6 +66,11 @@ class CustomAuthenticationProvider implements AuthenticationProviderInterface
        if (!$encoder->isPasswordValid($user->getPassword(), $token->getCredentials(), $user->getSalt())) {
            throw new BadCredentialsException('The presented password is invalid.');
        }
+
+        $token->setUser($user);
+        $token->setAuthenticated(true);
+
+        return $token;
    }

    public function supports(TokenInterface $token)

--- a/src/Kernel.php
+++ b/src/Kernel.php
@@ -13,7 +13,6 @@ namespace BiiG\SecurityTest;

 use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -37,8 +36,10 @@ class Kernel implements HttpKernelInterface

        // Some work
        $run = $this->run;
-        $run();
+        $response = $run();

        $this->dispatcher->dispatch(KernelEvents::FINISH_REQUEST, new FinishRequestEvent($this, $request, $type));
+
+        return $response;
    }
 }