Is there a way to check if the header of the request has a key value, compare with another value stored in the env and then give or not the access?
Note: I want to do it inside the firewall in security.yml.
Something like the "guard-authentication" from the docs but I don't need all those methods (getCredentials, getUser, etc... )
I think you are looking for a kernel controller filter, then you can parse the header of the request and search for the required parameter. For the env var you can set it as a parameter as below
//services.yaml
parameters:
your_variable: '%env(YOUR_ENV_VARIABLE)%'
then call it from service container
$var = $container->getParameter('your_variable');
and finally you can use a voter in your controller action to allow/deny access
Related
I have two REST Services: GET and PATCH.
The GET Service has a JSON Response and from which I need to trasnfer a property named tripId.
Add that property value to the URL of the PATCH Request as a resouce, i.e.,
https://patchRequest.com/api/trips/{tripId}/
Can any one tell me how to do it in SOAP UI/ READY API.
I'm not able to do it.
Thanks
Create a customer property in the test case section ( or even in the project section )
Add a Property Transfer test step and export the value to the holder that you created
Finally, Call the value in your URI
I cannot figure out how to use another Cache service for storing my nonces using the WsseAuthentication. The documentation is unclear to me. Can anybody help me setup my nonce cache for use with Redis?
Currently, I know how to add a new nonce cache service id, like this:
firewalls:
#...
wsse_secured:
#...
wsse:
#...
nonce_cache_service_id: cache_nonces
and I know how to create this service id:
services:
cache_nonces:
class: Doctrine\Common\Cache\RedisCache
arguments: ???
But I don't know what arguments to give. When I use RedisCache, it expects a Redis object, and I dont know where to get this object and add this to arguments.
Just remove "arguments:", the class Doctrine\Common\Cache\RedisCache https://github.com/doctrine/cache/blob/master/lib/Doctrine/Common/Cache/RedisCache.php doesn't have a constructor, so you should not pass any variables with "arguments"
I'm working on a Symfony2 project and am trying to figure out how to pass parameters from the route configuration to the controller. I know I can configure default values in the route configuration, and retrieve the values in the controller using the appropriate var name in the function declaration, but that isn't exactly what I want.
My use case is the following. I have a standard method in my controller that I want to access from 2 or 3 different routes. Depending on which route is being called, I want to "configure" the method differently. I can accomplish this in a few ways:
In my controller, check the route name using `$this->container->get("request")->get("_route"), but that is ugly, and then I am hardcoded to the route name. Moves configuration to the controller, which should just be logic - not configuration.
Create a base controller class, and subclass each method for my different routes. Each subclassed method would then have the necessary configuration within the method. Cleaner soln than #1, but still "heavy" in the sense of having multiple classes for a simple need and still pushes configuration data into the business logic.
Put configuration data into the route configuration. In the controller, access the configuration data as required. Ideal solution, but don't know how.
I can use the route default array to specify my arguments, but then must make sure to use a regex to ensure that the params are not overridden at the URL level (security risk). This is functional, but still kinda cludgy and not a pretty hack.
I presume that there must a better way to do this, but I can't seem to figure it out. Is there a way to access the routing object from the controller, and access the different configuration parameters?
You can pull the actual route from the router service. Something like:
$routeName = $this->container->get("request")->get("_route");
$router = $this->container->get("router");
$route = $router->getRouteCollection()->get($routeName);
Not sure if this would be such a great design though. Consider passing a $configName to your controller method, adding a parameter with the same name in a config file then using getParameter to access it. That would eliminate the route stuff from the equation.
Something like:
zayso_arbiter_import:
pattern: /import
defaults: { _controller: ZaysoArbiterBundle:Import:index, configName: 'someConfigName' }
public function importAction(Request $request, $configName)
Let's assume I implemented token based authorization with a custom filter attribute as described here.
Let's also assume, I have a controller that returns tasks:
public IEnumerable<Task> Get()
{
// return tasks for authorized user
}
Now, how would I go about returning only the tasks for the authorized user? Passing the user ID as a query parameter is not an option - it is forbidden to request the tasks of a different user.
you could enrich the HttpRouteData from your action filter and read it in the controller action. actionContext.ControllerContext.RouteData.Values.Add("UserId", someVaue );
You could also use the System.Runtime.Remoting.Messaging.CallContext class ( GetData and SetData )
In the code in the sample you linked to, they are encrypting the user's name in the token. In the filter they are getting this token from an http header, decrypting it back to the username, and querying it against an AuthorizedUserRepository.
AuthorizedUserRepository.GetUsers().First(x => x.Name == RSAClass.Decrypt(token));
You can certainly use a userid instead of the name, and work against a real repository instead of this sample one. You could either do all of this over again in the controller action or constructor, or you could pass it along the route data or some ThreadStatic property. If you want to get really fancy, you could implement claims based security and set a claim on the current thread's principal. Really it doesn't matter how you pass it along.
Ultimately you would just use this value in a where clause of a query or linq statement to filter down to the data you want the user to be allowed to access.
I need to put a flag in an kernel.event_listener at stage kernel.controller in order to do something in an kernel.response-listener.
I thought about adding a parameter to the $request object, however have not found any method or this:
http://api.symfony.com/2.0/Symfony/Component/HttpFoundation/Request.html
What is the best practice to pass some informatino from an kernel.controller-listener to an kernel.response-listener?
Use-case:
We want to set a cookie based on a validation of a specific request attribute (must be in kernel.controller-stage, since based on the result of the validation, the view may behave different).
The cookie can only be set in the kernel.response-listener, since it has the Response-instance.
You can use $request->attributes to pass around information. In your controller listener:
$request->attributes->set('mykey', 'myvalue');
In your response listener:
$myvalue = $request->attributes->get('mykey');