security.php 12 KB

<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
use Symfony\Bundle\SecurityBundle\CacheWarmer\ExpressionCacheWarmer;
use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
use Symfony\Component\Ldap\Security\LdapUserProvider;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
use Symfony\Component\Security\Core\Encoder\EncoderFactory;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoder;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\ChainUserProvider;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;
use Symfony\Component\Security\Core\User\MissingUserProvider;
use Symfony\Component\Security\Core\User\UserChecker;
use Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Http\Controller\UserValueResolver;
use Symfony\Component\Security\Http\Firewall;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
  51. return static function (ContainerConfigurator $container) {
  52. $container->parameters()
  53. ->set('security.role_hierarchy.roles', [])
  54. ;
  55. $container->services()
  56. ->set('security.authorization_checker', AuthorizationChecker::class)
  57. ->public()
  58. ->args([
  59. service('security.token_storage'),
  60. service('security.authentication.manager'),
  61. service('security.access.decision_manager'),
  62. param('security.access.always_authenticate_before_granting'),
  63. ])
  64. ->alias(AuthorizationCheckerInterface::class, 'security.authorization_checker')
  65. ->set('security.token_storage', UsageTrackingTokenStorage::class)
  66. ->public()
  67. ->args([
  68. service('security.untracked_token_storage'),
  69. service_locator([
  70. 'session' => service('session'),
  71. ]),
  72. ])
  73. ->tag('kernel.reset', ['method' => 'disableUsageTracking'])
  74. ->tag('kernel.reset', ['method' => 'setToken'])
  75. ->alias(TokenStorageInterface::class, 'security.token_storage')
  76. ->set('security.untracked_token_storage', TokenStorage::class)
  77. ->set('security.helper', Security::class)
  78. ->args([service_locator([
  79. 'security.token_storage' => service('security.token_storage'),
  80. 'security.authorization_checker' => service('security.authorization_checker'),
  81. ])])
  82. ->alias(Security::class, 'security.helper')
  83. ->set('security.user_value_resolver', UserValueResolver::class)
  84. ->args([
  85. service('security.token_storage'),
  86. ])
  87. ->tag('controller.argument_value_resolver', ['priority' => 40])
  88. // Authentication related services
  89. ->set('security.authentication.trust_resolver', AuthenticationTrustResolver::class)
  90. ->set('security.authentication.session_strategy', SessionAuthenticationStrategy::class)
  91. ->args([param('security.authentication.session_strategy.strategy')])
  92. ->alias(SessionAuthenticationStrategyInterface::class, 'security.authentication.session_strategy')
  93. ->set('security.authentication.session_strategy_noop', SessionAuthenticationStrategy::class)
  94. ->args(['none'])
  95. ->set('security.encoder_factory.generic', EncoderFactory::class)
  96. ->args([
  97. [],
  98. ])
  99. ->alias('security.encoder_factory', 'security.encoder_factory.generic')
  100. ->alias(EncoderFactoryInterface::class, 'security.encoder_factory')
  101. ->set('security.user_password_encoder.generic', UserPasswordEncoder::class)
  102. ->args([service('security.encoder_factory')])
  103. ->alias('security.password_encoder', 'security.user_password_encoder.generic')->public()
  104. ->alias(UserPasswordEncoderInterface::class, 'security.password_encoder')
  105. ->set('security.user_checker', UserChecker::class)
  106. ->set('security.expression_language', ExpressionLanguage::class)
  107. ->args([service('cache.security_expression_language')->nullOnInvalid()])
  108. ->set('security.authentication_utils', AuthenticationUtils::class)
  109. ->args([service('request_stack')])
  110. ->alias(AuthenticationUtils::class, 'security.authentication_utils')
  111. // Authorization related services
  112. ->set('security.access.decision_manager', AccessDecisionManager::class)
  113. ->args([[]])
  114. ->alias(AccessDecisionManagerInterface::class, 'security.access.decision_manager')
  115. ->set('security.role_hierarchy', RoleHierarchy::class)
  116. ->args([param('security.role_hierarchy.roles')])
  117. ->alias(RoleHierarchyInterface::class, 'security.role_hierarchy')
  118. // Security Voters
  119. ->set('security.access.simple_role_voter', RoleVoter::class)
  120. ->tag('security.voter', ['priority' => 245])
  121. ->set('security.access.authenticated_voter', AuthenticatedVoter::class)
  122. ->args([service('security.authentication.trust_resolver')])
  123. ->tag('security.voter', ['priority' => 250])
  124. ->set('security.access.role_hierarchy_voter', RoleHierarchyVoter::class)
  125. ->args([service('security.role_hierarchy')])
  126. ->tag('security.voter', ['priority' => 245])
  127. ->set('security.access.expression_voter', ExpressionVoter::class)
  128. ->args([
  129. service('security.expression_language'),
  130. service('security.authentication.trust_resolver'),
  131. service('security.authorization_checker'),
  132. service('security.role_hierarchy')->nullOnInvalid(),
  133. ])
  134. ->tag('security.voter', ['priority' => 245])
  135. ->set('security.impersonate_url_generator', ImpersonateUrlGenerator::class)
  136. ->args([
  137. service('request_stack'),
  138. service('security.firewall.map'),
  139. service('security.token_storage'),
  140. ])
  141. // Firewall related services
  142. ->set('security.firewall', FirewallListener::class)
  143. ->args([
  144. service('security.firewall.map'),
  145. service('event_dispatcher'),
  146. service('security.logout_url_generator'),
  147. ])
  148. ->tag('kernel.event_subscriber')
  149. ->alias(Firewall::class, 'security.firewall')
  150. ->set('security.firewall.map', FirewallMap::class)
  151. ->args([
  152. abstract_arg('Firewall context locator'),
  153. abstract_arg('Request matchers'),
  154. ])
  155. ->set('security.firewall.context', FirewallContext::class)
  156. ->abstract()
  157. ->args([
  158. [],
  159. service('security.exception_listener'),
  160. abstract_arg('LogoutListener'),
  161. abstract_arg('FirewallConfig'),
  162. ])
  163. ->set('security.firewall.lazy_context', LazyFirewallContext::class)
  164. ->abstract()
  165. ->args([
  166. [],
  167. service('security.exception_listener'),
  168. abstract_arg('LogoutListener'),
  169. abstract_arg('FirewallConfig'),
  170. service('security.untracked_token_storage'),
  171. ])
  172. ->set('security.firewall.config', FirewallConfig::class)
  173. ->abstract()
  174. ->args([
  175. abstract_arg('name'),
  176. abstract_arg('user_checker'),
  177. abstract_arg('request_matcher'),
  178. false, // security enabled
  179. false, // stateless
  180. null,
  181. null,
  182. null,
  183. null,
  184. null,
  185. [], // listeners
  186. null, // switch_user
  187. ])
  188. ->set('security.logout_url_generator', LogoutUrlGenerator::class)
  189. ->args([
  190. service('request_stack')->nullOnInvalid(),
  191. service('router')->nullOnInvalid(),
  192. service('security.token_storage')->nullOnInvalid(),
  193. ])
  194. // Provisioning
  195. ->set('security.user.provider.missing', MissingUserProvider::class)
  196. ->abstract()
  197. ->args([
  198. abstract_arg('firewall'),
  199. ])
  200. ->set('security.user.provider.in_memory', InMemoryUserProvider::class)
  201. ->abstract()
  202. ->set('security.user.provider.ldap', LdapUserProvider::class)
  203. ->abstract()
  204. ->args([
  205. abstract_arg('security.ldap.ldap'),
  206. abstract_arg('base dn'),
  207. abstract_arg('search dn'),
  208. abstract_arg('search password'),
  209. abstract_arg('default_roles'),
  210. abstract_arg('uid key'),
  211. abstract_arg('filter'),
  212. abstract_arg('password_attribute'),
  213. abstract_arg('extra_fields (email etc)'),
  214. ])
  215. ->set('security.user.provider.chain', ChainUserProvider::class)
  216. ->abstract()
  217. ->set('security.http_utils', HttpUtils::class)
  218. ->args([
  219. service('router')->nullOnInvalid(),
  220. service('router')->nullOnInvalid(),
  221. ])
  222. ->alias(HttpUtils::class, 'security.http_utils')
  223. // Validator
  224. ->set('security.validator.user_password', UserPasswordValidator::class)
  225. ->args([
  226. service('security.token_storage'),
  227. service('security.encoder_factory'),
  228. ])
  229. ->tag('validator.constraint_validator', ['alias' => 'security.validator.user_password'])
  230. // Cache
  231. ->set('cache.security_expression_language')
  232. ->parent('cache.system')
  233. ->private()
  234. ->tag('cache.pool')
  235. // Cache Warmers
  236. ->set('security.cache_warmer.expression', ExpressionCacheWarmer::class)
  237. ->args([
  238. [],
  239. service('security.expression_language'),
  240. ])
  241. ->tag('kernel.cache_warmer')
  242. ;
  243. };