123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 |
- <?php
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
- namespace Symfony\Component\DependencyInjection\Loader\Configurator;
- use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
- use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
- use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
- use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
- use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
- use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
- use Symfony\Component\Ldap\Security\LdapUserProvider;
- use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
- use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
- use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
- use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
- use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
- use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
- use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
- use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
- use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
- use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
- use Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter;
- use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
- use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
- use Symfony\Component\Security\Core\Encoder\EncoderFactory;
- use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
- use Symfony\Component\Security\Core\Encoder\UserPasswordEncoder;
- use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
- use Symfony\Component\Security\Core\Role\RoleHierarchy;
- use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
- use Symfony\Component\Security\Core\Security;
- use Symfony\Component\Security\Core\User\ChainUserProvider;
- use Symfony\Component\Security\Core\User\InMemoryUserProvider;
- use Symfony\Component\Security\Core\User\MissingUserProvider;
- use Symfony\Component\Security\Core\User\UserChecker;
- use Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator;
- use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
- use Symfony\Component\Security\Http\Controller\UserValueResolver;
- use Symfony\Component\Security\Http\Firewall;
- use Symfony\Component\Security\Http\HttpUtils;
- use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
- use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
- use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
- use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
- return static function (ContainerConfigurator $container) {
- $container->parameters()
- ->set('security.role_hierarchy.roles', [])
- ;
- $container->services()
- ->set('security.authorization_checker', AuthorizationChecker::class)
- ->public()
- ->args([
- service('security.token_storage'),
- service('security.authentication.manager'),
- service('security.access.decision_manager'),
- param('security.access.always_authenticate_before_granting'),
- ])
- ->alias(AuthorizationCheckerInterface::class, 'security.authorization_checker')
- ->set('security.token_storage', UsageTrackingTokenStorage::class)
- ->public()
- ->args([
- service('security.untracked_token_storage'),
- service_locator([
- 'session' => service('session'),
- ]),
- ])
- ->tag('kernel.reset', ['method' => 'disableUsageTracking'])
- ->tag('kernel.reset', ['method' => 'setToken'])
- ->alias(TokenStorageInterface::class, 'security.token_storage')
- ->set('security.untracked_token_storage', TokenStorage::class)
- ->set('security.helper', Security::class)
- ->args([service_locator([
- 'security.token_storage' => service('security.token_storage'),
- 'security.authorization_checker' => service('security.authorization_checker'),
- ])])
- ->alias(Security::class, 'security.helper')
- ->set('security.user_value_resolver', UserValueResolver::class)
- ->args([
- service('security.token_storage'),
- ])
- ->tag('controller.argument_value_resolver', ['priority' => 40])
- // Authentication related services
- ->set('security.authentication.trust_resolver', AuthenticationTrustResolver::class)
- ->set('security.authentication.session_strategy', SessionAuthenticationStrategy::class)
- ->args([param('security.authentication.session_strategy.strategy')])
- ->alias(SessionAuthenticationStrategyInterface::class, 'security.authentication.session_strategy')
- ->set('security.authentication.session_strategy_noop', SessionAuthenticationStrategy::class)
- ->args(['none'])
- ->set('security.encoder_factory.generic', EncoderFactory::class)
- ->args([
- [],
- ])
- ->alias('security.encoder_factory', 'security.encoder_factory.generic')
- ->alias(EncoderFactoryInterface::class, 'security.encoder_factory')
- ->set('security.user_password_encoder.generic', UserPasswordEncoder::class)
- ->args([service('security.encoder_factory')])
- ->alias('security.password_encoder', 'security.user_password_encoder.generic')->public()
- ->alias(UserPasswordEncoderInterface::class, 'security.password_encoder')
- ->set('security.user_checker', UserChecker::class)
- ->set('security.expression_language', ExpressionLanguage::class)
- ->args([service('cache.security_expression_language')->nullOnInvalid()])
- ->set('security.authentication_utils', AuthenticationUtils::class)
- ->args([service('request_stack')])
- ->alias(AuthenticationUtils::class, 'security.authentication_utils')
- // Authorization related services
- ->set('security.access.decision_manager', AccessDecisionManager::class)
- ->args([[]])
- ->alias(AccessDecisionManagerInterface::class, 'security.access.decision_manager')
- ->set('security.role_hierarchy', RoleHierarchy::class)
- ->args([param('security.role_hierarchy.roles')])
- ->alias(RoleHierarchyInterface::class, 'security.role_hierarchy')
- // Security Voters
- ->set('security.access.simple_role_voter', RoleVoter::class)
- ->tag('security.voter', ['priority' => 245])
- ->set('security.access.authenticated_voter', AuthenticatedVoter::class)
- ->args([service('security.authentication.trust_resolver')])
- ->tag('security.voter', ['priority' => 250])
- ->set('security.access.role_hierarchy_voter', RoleHierarchyVoter::class)
- ->args([service('security.role_hierarchy')])
- ->tag('security.voter', ['priority' => 245])
- ->set('security.access.expression_voter', ExpressionVoter::class)
- ->args([
- service('security.expression_language'),
- service('security.authentication.trust_resolver'),
- service('security.authorization_checker'),
- service('security.role_hierarchy')->nullOnInvalid(),
- ])
- ->tag('security.voter', ['priority' => 245])
- ->set('security.impersonate_url_generator', ImpersonateUrlGenerator::class)
- ->args([
- service('request_stack'),
- service('security.firewall.map'),
- service('security.token_storage'),
- ])
- // Firewall related services
- ->set('security.firewall', FirewallListener::class)
- ->args([
- service('security.firewall.map'),
- service('event_dispatcher'),
- service('security.logout_url_generator'),
- ])
- ->tag('kernel.event_subscriber')
- ->alias(Firewall::class, 'security.firewall')
- ->set('security.firewall.map', FirewallMap::class)
- ->args([
- abstract_arg('Firewall context locator'),
- abstract_arg('Request matchers'),
- ])
- ->set('security.firewall.context', FirewallContext::class)
- ->abstract()
- ->args([
- [],
- service('security.exception_listener'),
- abstract_arg('LogoutListener'),
- abstract_arg('FirewallConfig'),
- ])
- ->set('security.firewall.lazy_context', LazyFirewallContext::class)
- ->abstract()
- ->args([
- [],
- service('security.exception_listener'),
- abstract_arg('LogoutListener'),
- abstract_arg('FirewallConfig'),
- service('security.untracked_token_storage'),
- ])
- ->set('security.firewall.config', FirewallConfig::class)
- ->abstract()
- ->args([
- abstract_arg('name'),
- abstract_arg('user_checker'),
- abstract_arg('request_matcher'),
- false, // security enabled
- false, // stateless
- null,
- null,
- null,
- null,
- null,
- [], // listeners
- null, // switch_user
- ])
- ->set('security.logout_url_generator', LogoutUrlGenerator::class)
- ->args([
- service('request_stack')->nullOnInvalid(),
- service('router')->nullOnInvalid(),
- service('security.token_storage')->nullOnInvalid(),
- ])
- // Provisioning
- ->set('security.user.provider.missing', MissingUserProvider::class)
- ->abstract()
- ->args([
- abstract_arg('firewall'),
- ])
- ->set('security.user.provider.in_memory', InMemoryUserProvider::class)
- ->abstract()
- ->set('security.user.provider.ldap', LdapUserProvider::class)
- ->abstract()
- ->args([
- abstract_arg('security.ldap.ldap'),
- abstract_arg('base dn'),
- abstract_arg('search dn'),
- abstract_arg('search password'),
- abstract_arg('default_roles'),
- abstract_arg('uid key'),
- abstract_arg('filter'),
- abstract_arg('password_attribute'),
- abstract_arg('extra_fields (email etc)'),
- ])
- ->set('security.user.provider.chain', ChainUserProvider::class)
- ->abstract()
- ->set('security.http_utils', HttpUtils::class)
- ->args([
- service('router')->nullOnInvalid(),
- service('router')->nullOnInvalid(),
- ])
- ->alias(HttpUtils::class, 'security.http_utils')
- // Validator
- ->set('security.validator.user_password', UserPasswordValidator::class)
- ->args([
- service('security.token_storage'),
- service('security.encoder_factory'),
- ])
- ->tag('validator.constraint_validator', ['alias' => 'security.validator.user_password'])
- // Cache
- ->set('cache.security_expression_language')
- ->parent('cache.system')
- ->private()
- ->tag('cache.pool')
- // Cache Warmers
- ->set('security.cache_warmer.expression', ExpressionCacheWarmer::class)
- ->args([
- [],
- service('security.expression_language'),
- ])
- ->tag('kernel.cache_warmer')
- ;
- };
|