Development security¶
Tip
See Permissions for information about the permissions system in Ibexa DXP.
Security checklist
See the Security checklist for a list of security-related issues you should take care of before going live with a project.
Symfony authentication¶
To use Symfony authentication with Ibexa DXP, use the following configuration (in config/packages/security.yaml
):
1 2 3 4 5 6 7 8 9 |
|
And in config/routes.yaml
:
1 2 3 4 5 6 7 |
|
Note
You can fully customize the routes and/or the controller used for login.
However, remember to match login_path
, check_path
and logout.path
from security.yaml
.
See security configuration reference and standard login form documentation.
Authentication using Symfony Security component¶
Authentication is provided using the Symfony Security component.
Native and universal form_login
is used, in conjunction with an extended DaoAuthenticationProvider
(DAO stands for Data Access Object), the RepositoryAuthenticationProvider
. Native behavior of DaoAuthenticationProvider
has been preserved, making it possible to still use it for pure Symfony applications.
Security controller¶
A SecurityController
is used to manage all security-related actions and is thus used to display the login form. It follows all standards explained in Symfony security documentation.
The base template used is EzPublishCore/Security/login.html.twig
.
The layout used by default is %ezpublish.content_view.viewbase_layout%
(empty layout) but can be configured together with the login template:
1 2 3 4 5 6 |
|
Redirection after login¶
By default, Symfony redirects to the URI configured in security.yaml
as default_target_path
. If not set, it defaults to /
.
Remember me¶
It is possible to use the "Remember me" functionality. Refer to the Symfony cookbook on this topic.
If you want to use this feature, you must at least extend the login template in order to add the required checkbox:
1 2 3 4 5 6 7 |
|
Login handlers / SSO¶
Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handlers, including SSO and existing third-party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle, etc.).
See Authenticating a user with multiple user provider for more information.
JWT authentication¶
To use JWT authentication with Ibexa DXP, in the provided config/packages/lexik_jwt_authentication.yaml
file,
modify the existing configuration by setting authorization_header
to enabled
:
1 2 3 4 5 6 7 8 9 10 11 12 |
|
You also need a new Symfony firewall configuration for REST and/or GraphQL APIs.
It is already provided in config/packages/security.yaml
, you only need to uncomment it:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
|