Manage security/routing with Symfony2 by requesting a database - symfony

Using Symfony2, I'm looking for a way to easily access the main route prefix for a given request, outside any controller:
I am trying to figure out the best way to deal with access control related to some database elements in Symfony2.
I would like to restrict the access to some 'applications' located in the path /application/APP_ID according to the Subscription stored in the database.
Every restricted resource will be in this path.
The subscriptions are referencing a User entity and an Application entity. It includes an ending date. After this ending date, the application should not be accessible anymore.
The restriction should be: for every resource starting with /application/APP_ID, I need to check if the controller should be accessed.
This prefix is static and is actually defined in the app/config/routing.yml as a 'prefix' and the corresponding route name is stored in one of the Application entity attributes. The other involved routes are defined in an independent routing.yml file located for example in MyAppBundle/Resources/config/routing.yml and imported in the main routing file.
Can I easily know if the current route requested (ex. /application/APP_ID/action/1) is included in the route defining the prefix (ex. /application/APP_ID) in order to know what Application is concerned?
Or, is there a way to do that without having to give a list of routes or paths which necessarily require modifications for every application added, route added or modified?

Did you try to develop your own Voter? As explained here: http://symfony.com/doc/current/cookbook/security/voters.html.
Instead of testing $request->getClientIp, you could test $request->getRequestUri. And you could have access to Doctrine, using $this->container->get('doctrine'). I think you could have all the information you need to secure your paths.
I did it a few days ago to store my own RoleHierarchy in the database; it works well.

Related

Symfony differentiate application by dynamic route prefix

I need to differentiate what data to load by route prefix.
Let's say that I have these routes:
http://test.com/app1/news
http://test.com/app1/gallery
http://test.com/app2/news
http://test.com/app2/gallery
http://test.com/app3/news
http://test.com/app3/gallery
URL of apps (app1, app2, app3) are saved in database. For each app, there are different data for news, gallery etc.
Is there any way to "cache" the app entity so that I do not load it from the database every time and check the prefix in every controller action?
Is it a good idea to save the app object to the session (and change it only if the URL is changed)?
Thanks.
Yes, if you use Doctrine ORM you can configure second level cache.
More Information in link Doctrine second-level-cache

Is it correct aspnetcore way? Service & Dependency Injection

So I want to create a service that accesses an external API, and I want to cache common requests from the API inside of that service. It depends on 3 other services, but I want to give it its own instance of cache; MemoryDistributedCache might later be changed for something else.
services.AddSingleton<ISomeApi, SomeApi>(provider => new SomeApi(
Configuration.Get<Options>(),
new MemoryDistributedCache(new MemoryCache(new MemoryCacheOptions())),
provider.GetService<ILogger<SomeApi>>()
));
Now from my controllers I can access the API via DI. It works nicely, but I'm not sure if it's some sort of an anti-pattern or if there are better ways of doing it.
I mean, the real problem is separating the internal cache: requesting IDistributedMemory from one service would give me the same object as if I requested it from another service; they must be separated.
This sounds like something you could use a proxy or decorator pattern for. The basic problem is that you have a service that does some data access, and another service responsible for caching the results of the first service. I realize you're not using a repository per se, but nonetheless the CachedRepository pattern should work for your needs. See here:
http://ardalis.com/introducing-the-cachedrepository-pattern
and
http://ardalis.com/building-a-cachedrepository-via-strategy-pattern
You can write your cached implementation such that it takes in the actual SomeApi type in its constructor if you don't need that part of the design to be flexible.

How to get self links of embeddedItems from Resources from Spring Data Rest and FeignClient

I have an application where I am using Spring Data Rest to expose my entities in one service, and then use FeignClient from another service to access and update those resources.
In examples I've seen POSTing a @OneToMany sub-resource association in Spring Data REST, the way to establish these relationships is as follows:
Create the entity
Get the "self" href of the newly created entity
Create a list of existing entities of the owning entity for that type and then add that newly created link to the list
Do a "PUT" with the list of URIs to the association URI (with a Content-Type of "text/uri-list") to create the association.
I have done this using AngularJs and it works fine. However, I really do not want my javascript controller to have such an intimate knowledge of my domain objects, I would prefer to have Spring HATEOAS do that work for me.
So what I've done is to create a service in my client application that uses the Spring Cloud FeignClient to access those endpoints and do the work that the Angular is presently doing.
The problem that I am running into is that when I get my reference to my associations (e.g. "http://myapp/myobjects/3/myassociation") and then do a "GET" to that URI, it returns "Resources<MyAssociation>" which has no way of getting at the list of URIs of the association objects. All I get for "Links" is the reference to the associations from the owning entity (e.g. "http://myapp/myobjects/3/myassociation").
Is there a way that I can find that list of associations without having to make several other GETs so that I can add the newly added one to it?
Thanks in advance,
CS
URI.create(Resource.getId().getHref()).getPath()
You can try this.

Access server.xml content during servlet startup

I have an existing servlet and want to write some instructions to my log file on how to construct the URL needed to access my service. The basic logging service in J2EE is just fine for my purposes. The items I need are:
the canonical host name (got it)
the port number(s) for http connectors found in the server.xml file
the intermediate path to my servlet (servlet installation folder),
e.g. http://host:port/intermediate path/additional path
Using these three pieces of information I should be able to leave a breadcrumb of sorts in the log that tells administrators exactly how to configure my client-side app to access to this particular servlet instance.
Getting this information from within my implementation of HttpServlet.service() seems simple but I want to display the data during startup. Any thought on how to get it from within my implementation of HttpServlet.init()?

Symfony 2 - How can I share data between controllers

I need to be able to make some request data from one controller available in another controller. I can make a service to set the data in one controller, but when the other controller fires and I get the service, a new instance of the service is created. Is there any way I can make this data static and share it between two controllers?
The same basic things you would do whenever you need information to be available in PHP from a new request:
Store it in the session. Symfony2 has a great session component for this. Ideal for fleeting data that needs to be saved only while the user is navigating
Store it in the database. Symfony2 supports Doctrine which makes this very easy. Ideal for permanent storage
Optionally:
Store it on the filesystem. Not recommended unless it's actually a file, but possible as well.
In the end, rather than using the session to store data, I created two separate routes to the same controller action. I added an optional argument in the controller action, with a default value only specified in one of the routes. I can then test for that argument's value when the controller runs. In the Twig template that calls this controller action, the path can be generated using either one of these routes, depending on a variable already available.
Bit of a workaround, but problem solved!
