review all Security code blocks

Author: xabbuh

book/security.rst

@@ -67,7 +67,7 @@ configuration looks like this:
 
                 <firewall name="dev"
                     pattern="^/(_(profiler|wdt)|css|images|js)/"
-                    security=false />
+                    security="false" />
 
                 <firewall name="default">
                     <anonymous />
@@ -81,7 +81,7 @@ configuration looks like this:
         $container->loadFromExtension('security', array(
             'providers' => array(
                 'in_memory' => array(
-                    'memory' => array(),
+                    'memory' => null,
                 ),
             ),
             'firewalls' => array(
@@ -209,6 +209,8 @@ user to be logged in to access this URL:
             # ...
             firewalls:
                 # ...
+                default:
+                    # ...
 
             access_control:
                 # require ROLE_ADMIN for /admin*
@@ -231,10 +233,8 @@ user to be logged in to access this URL:
                     <!-- ... -->
                 </firewall>
 
-                <access-control>
-                    <!-- require ROLE_ADMIN for /admin* -->
-                    <rule path="^/admin" role="ROLE_ADMIN" />
-                </access-control>
+                <!-- require ROLE_ADMIN for /admin* -->
+                <rule path="^/admin" role="ROLE_ADMIN" />
             </config>
         </srv:container>
 
@@ -541,20 +541,23 @@ like this:
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <config>
+                <!-- ... -->
+
                 <provider name="in_memory">
                     <memory>
                         <user name="ryan" password="$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli" roles="ROLE_USER" />
                         <user name="admin" password="$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G" roles="ROLE_ADMIN" />
                     </memory>
                 </provider>
-                <!-- ... -->
             </config>
         </srv:container>
 
     .. code-block:: php
 
         // app/config/security.php
         $container->loadFromExtension('security', array(
+            // ...
+
             'providers' => array(
                 'in_memory' => array(
                     'memory' => array(
@@ -691,8 +694,11 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
         # app/config/security.yml
         security:
             # ...
+
             firewalls:
                 # ...
+                default:
+                    # ...
 
             access_control:
                 # require ROLE_ADMIN for /admin*
@@ -715,10 +721,8 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
                     <!-- ... -->
                 </firewall>
 
-                <access-control>
-                    <!-- require ROLE_ADMIN for /admin* -->
-                    <rule path="^/admin" role="ROLE_ADMIN" />
-                </access-control>
+                <!-- require ROLE_ADMIN for /admin* -->
+                <rule path="^/admin" role="ROLE_ADMIN" />
             </config>
         </srv:container>
 
@@ -727,6 +731,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
         // app/config/security.php
         $container->loadFromExtension('security', array(
             // ...
+
             'firewalls' => array(
                 // ...
                 'default' => array(
@@ -755,6 +760,7 @@ matches the URL.
         # app/config/security.yml
         security:
             # ...
+
             access_control:
                 - { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
                 - { path: ^/admin, roles: ROLE_ADMIN }
@@ -771,10 +777,9 @@ matches the URL.
 
             <config>
                 <!-- ... -->
-                <access-control>
-                    <rule path="^/admin/users" role="ROLE_SUPER_ADMIN" />
-                    <rule path="^/admin" role="ROLE_ADMIN" />
-                </access-control>
+
+                <rule path="^/admin/users" role="ROLE_SUPER_ADMIN" />
+                <rule path="^/admin" role="ROLE_ADMIN" />
             </config>
         </srv:container>
 
@@ -783,6 +788,7 @@ matches the URL.
         // app/config/security.php
         $container->loadFromExtension('security', array(
             // ...
+
             'access_control' => array(
                 array('path' => '^/admin/users', 'role' => 'ROLE_SUPER_ADMIN'),
                 array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
@@ -1037,13 +1043,14 @@ the firewall can handle this automatically for you when you activate the
 
         # app/config/security.yml
         security:
+            # ...
+
             firewalls:
                 secured_area:
                     # ...
                     logout:
                         path:   /logout
                         target: /
-            # ...
 
     .. code-block:: xml
 
@@ -1056,25 +1063,27 @@ the firewall can handle this automatically for you when you activate the
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <config>
-                <firewall name="secured_area" pattern="^/">
+                <!-- ... -->
+
+                <firewall name="secured_area">
                     <!-- ... -->
                     <logout path="/logout" target="/" />
                 </firewall>
-                <!-- ... -->
             </config>
         </srv:container>
 
     .. code-block:: php
 
         // app/config/security.php
         $container->loadFromExtension('security', array(
+            // ...
+
             'firewalls' => array(
                 'secured_area' => array(
                     // ...
-                    'logout' => array('path' => 'logout', 'target' => '/'),
+                    'logout' => array('path' => '/logout', 'target' => '/'),
                 ),
             ),
-            // ...
         ));
 
 Next, you'll need to create a route for this URL (but not a controller):
@@ -1085,7 +1094,7 @@ Next, you'll need to create a route for this URL (but not a controller):
 
         # app/config/routing.yml
         logout:
-            path:   /logout
+            path: /logout
 
     .. code-block:: xml
 
@@ -1106,7 +1115,7 @@ Next, you'll need to create a route for this URL (but not a controller):
         use Symfony\Component\Routing\Route;
 
         $collection = new RouteCollection();
-        $collection->add('logout', new Route('/logout', array()));
+        $collection->add('logout', new Route('/logout'));
 
         return $collection;
 
@@ -1171,6 +1180,8 @@ rules by creating a role hierarchy:
 
         # app/config/security.yml
         security:
+            # ...
+
             role_hierarchy:
                 ROLE_ADMIN:       ROLE_USER
                 ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
@@ -1186,6 +1197,8 @@ rules by creating a role hierarchy:
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <config>
+                <!-- ... -->
+
                 <role id="ROLE_ADMIN">ROLE_USER</role>
                 <role id="ROLE_SUPER_ADMIN">ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH</role>
             </config>
@@ -1195,6 +1208,8 @@ rules by creating a role hierarchy:
 
         // app/config/security.php
         $container->loadFromExtension('security', array(
+            // ...
+
             'role_hierarchy' => array(
                 'ROLE_ADMIN'       => 'ROLE_USER',
                 'ROLE_SUPER_ADMIN' => array(
@@ -1224,6 +1239,8 @@ cookie will be ever created by Symfony):
 
         # app/config/security.yml
         security:
+            # ...
+
             firewalls:
                 main:
                     http_basic: ~
@@ -1240,7 +1257,9 @@ cookie will be ever created by Symfony):
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <config>
-                <firewall stateless="true">
+                <!-- ... -->
+
+                <firewall name="main" stateless="true">
                     <http-basic />
                 </firewall>
             </config>
@@ -1250,8 +1269,10 @@ cookie will be ever created by Symfony):
 
         // app/config/security.php
         $container->loadFromExtension('security', array(
+            // ...
+
             'firewalls' => array(
-                'main' => array('http_basic' => array(), 'stateless' => true),
+                'main' => array('http_basic' => null, 'stateless' => true),
             ),
         ));
 

cookbook/security/access_control.rst

@@ -54,12 +54,10 @@ Take the following ``access_control`` entries as an example:
 
             <config>
                 <!-- ... -->
-                <access-control>
-                    <rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1" />
-                    <rule path="^/admin" role="ROLE_USER_HOST" host="symfony\.com$" />
-                    <rule path="^/admin" role="ROLE_USER_METHOD" method="POST, PUT" />
-                    <rule path="^/admin" role="ROLE_USER" />
-                </access-control>
+                <rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1" />
+                <rule path="^/admin" role="ROLE_USER_HOST" host="symfony\.com$" />
+                <rule path="^/admin" role="ROLE_USER_METHOD" methods="POST, PUT" />
+                <rule path="^/admin" role="ROLE_USER" />
             </config>
         </srv:container>
 
@@ -82,7 +80,7 @@ Take the following ``access_control`` entries as an example:
                 array(
                     'path' => '^/admin',
                     'role' => 'ROLE_USER_METHOD',
-                    'method' => 'POST, PUT',
+                    'methods' => 'POST, PUT',
                 ),
                 array(
                     'path' => '^/admin',
@@ -193,11 +191,10 @@ pattern so that it is only accessible by requests from the local server itself:
 
             <config>
                 <!-- ... -->
-                <access-control>
-                    <rule path="^/esi" role="IS_AUTHENTICATED_ANONYMOUSLY"
-                        ips="127.0.0.1, ::1" />
-                    <rule path="^/esi" role="ROLE_NO_ACCESS" />
-                </access-control>
+                <rule path="^/internal"
+                    role="IS_AUTHENTICATED_ANONYMOUSLY"
+                    ips="127.0.0.1, ::1" />
+                <rule path="^/internal" role="ROLE_NO_ACCESS" />
             </config>
         </srv:container>
 
@@ -208,12 +205,12 @@ pattern so that it is only accessible by requests from the local server itself:
             // ...
             'access_control' => array(
                 array(
-                    'path' => '^/esi',
+                    'path' => '^/internal',
                     'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
                     'ips' => '127.0.0.1, ::1'
                 ),
                 array(
-                    'path' => '^/esi',
+                    'path' => '^/internal',
                     'role' => 'ROLE_NO_ACCESS'
                 ),
             ),
@@ -270,11 +267,9 @@ the user will be redirected to ``https``:
             xsi:schemaLocation="http://symfony.com/schema/dic/services
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
-            <access-control>
-                <rule path="^/cart/checkout"
-                    role="IS_AUTHENTICATED_ANONYMOUSLY"
-                    requires-channel="https" />
-            </access-control>
+            <rule path="^/cart/checkout"
+                role="IS_AUTHENTICATED_ANONYMOUSLY"
+                requires-channel="https" />
         </srv:container>
 
     .. code-block:: php

cookbook/security/acl.rst

@@ -52,20 +52,36 @@ First, you need to configure the connection the ACL system is supposed to use:
 
         # app/config/security.yml
         security:
+            # ...
+
             acl:
                 connection: default
 
     .. code-block:: xml
 
         <!-- app/config/security.xml -->
-        <acl>
-            <connection>default</connection>
-        </acl>
+        <?xml version="1.0" encoding="UTF-8"?>
+        <srv:container xmlns="http://symfony.com/schema/dic/security"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:srv="http://symfony.com/schema/dic/services"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services
+                http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+            <config>
+                <!-- ... -->
+
+                <acl>
+                    <connection>default</connection>
+                </acl>
+            </config>
+        </srv:container>
 
     .. code-block:: php
 
         // app/config/security.php
         $container->loadFromExtension('security', 'acl', array(
+            // ...
+
             'connection' => 'default',
         ));