I need to share a "client" page for IS_AUTHENTICATED_ANONYMOUSLY users of my Symfony3 application.
What are the good practices to implement this kind of feature?
My thoughts:
Specific access control in security.yaml
    access_control:
        - { path: {regex with token?}, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Token entity to store the token
findOneBy with the token passed in url
    if (null === $token) {
        throw new NotFoundHttpException('Page not found');
    }
Questions:
The regex is not working; what would be a corresponding regex for case/{token}?
I have the feeling that this method works but is not very effective in terms of security requirement. Is my idea sufficient to manage security on this feature? What would be a better practice?
Move the authentication outside of your controller, and return a proper "not authorized" exception if the token is not valid.
Basically you will need to create an implementation of AuthenticatorInterface, which is usually accomplished by extending AbstractGuardAuthenticator as described here.
In your supports() method you will likely check the existence of that token, and probably that the route is the one you really want to protect/authenticate.
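
The authenticator the answer describes, written out as an added example (not code from the answer or from Symfony's documentation). It assumes Symfony 3.4's Guard component; the route name `client_case`, the `AppBundle\Entity\Token` entity with its `hash`, `expiresAt` and `owner` fields, and the choice to store a SHA-256 of the token instead of the token itself are assumptions of this example.

```php
<?php
// Added example. Names marked "hypothetical" are assumptions, not from the question.
namespace AppBundle\Security;

use AppBundle\Entity\Token; // hypothetical entity: hash, expiresAt, owner (a UserInterface)
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class CaseTokenAuthenticator extends AbstractGuardAuthenticator
{
    private $em;
    public function __construct(EntityManagerInterface $em) { $this->em = $em; }

    // Run only on the shared page; "client_case" is a hypothetical name for the case/{token} route.
    public function supports(Request $request)
    {
        return 'client_case' === $request->attributes->get('_route');
    }

    public function getCredentials(Request $request) { return (string) $request->attributes->get('token'); }

    // Look the token up by its SHA-256 so the table never holds a usable link secret.
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $row = $this->em->getRepository(Token::class)
            ->findOneBy(['hash' => hash('sha256', $credentials)]);
        $live = $row && $row->getExpiresAt() > new \DateTime();
        return $live ? $row->getOwner() : null; // null makes Guard fail the request
    }

    // Possession of an unexpired token is the whole credential; nothing more to compare.
    public function checkCredentials($credentials, UserInterface $user) { return true; }

    public function onAuthenticationFailure(Request $request, AuthenticationException $e)
    {
        return new Response('Invalid or expired link', Response::HTTP_UNAUTHORIZED);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $t, $providerKey) { return null; }
    public function start(Request $request, AuthenticationException $e = null) { return new Response('', Response::HTTP_UNAUTHORIZED); }
    public function supportsRememberMe() { return false; }
}
```

Register the class under `guard: authenticators:` in the firewall that covers the case/{token} route. The token itself should come from `random_bytes()` so that it cannot be guessed.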