Is the security config still working now that we don't have any firewall anymore except the one disabling security for the toolbar and assetic ? |
Using this should work:

```yaml
security:
    providers:
        in_memory:
            memory: ~
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        default:
            anonymous: ~
```
@Pierstoval indeed it works. Thanks! However, that file's contents look strange. I'd like to either provide an empty security configuration (it looks impossible due to the limitations of the security component and/or bundle) or provide a useful and complete sample file. I don't know what to do. |
Maybe @weaverryan can also share his opinion about what would be best for newcomers. |
looks good to me (except I would name the main firewall |
and providing an empty configuration is indeed not possible. The SecurityBundle considers that you made a mistake if you enable it but don't configure the security layer (a firewall defined with |
Same as @stof. I only made a copy/paste of the @javiereguiluz you may then add multiple comments explaining how the security works, with a link to the different parts of the docs. I remember an old version of the

```yaml
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory: ~

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~

    # with these settings you can restrict or allow access for different parts
    # of your application based on roles, ip, host or methods
    # http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
    access_control:
        # - { path: ^/admin, roles: [ROLE_ADMIN] }
```

Then you can remove anything "not useful" or "too complex" for newcomers, but IMO, we should keep everything in this example. |
@Pierstoval I think we are mistaking some things. We cannot put a lot of help notes in the |
Then the first sample of code I posted above might be the best solution then 😉 |
OK, I've updated the

```yaml
security:
    providers:
        in_memory:
            memory: ~
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            anonymous: ~
```
👍 |
login: | ||
pattern: ^/demo/secured/login$ | ||
pattern: ^/(_(profiler|wdt|error)|css|images|js)/ |
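Review bot: the added `pattern` line widens the `dev` firewall's regex with `|error`, and that firewall is the one declared with `security: false`, so every URL under `/_error/` skips the security layer entirely. Keep the alternative only if the branch this targets really registers a route under that prefix; otherwise drop `error` so the unsecured pattern stays as narrow as `^/(_(profiler|wdt)|css|images|js)/`.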
Do we really need the `|error` part here?
It's part of the Twig bundle IIRC, and allows you to check your error
templates, so I'd say yes, we might need it :)
2015-06-11 12:58 GMT+02:00 Christian Flothmann notifications@github.com:
In app/config/security.yml
#818 (comment)
:firewalls: dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
- security: false
login:
pattern: ^/demo/secured/login$
pattern: ^/(_(profiler|wdt|error)|css|images|js)/
Do we really need the |error part here?
—
Reply to this email directly or view it on GitHub
https://github.com/symfony/symfony-standard/pull/818/files#r32209761.
Yeah, but only in Symfony 2.6 or higher.
@xabbuh you are right. I've just removed the `_error` path for 2.3. Thanks.
👍 |
Thank you @javiereguiluz. |
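The effect of the `|error` alternative discussed in the review, as an added example that is not part of the pull request: a Python sketch that resolves each path to the first firewall whose pattern matches, in declaration order, and lists the routes that end up under `security: false`. The route list is constructed, and a plain regex search stands in for Symfony's request matching (an assumption).

```python
import re

# Firewalls in declaration order, taken from the security.yml samples in this
# thread: (name, pattern, security_enabled). No pattern means "match everything".
FIREWALLS_23 = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("main", None, True),
]
FIREWALLS_26 = [
    ("dev", r"^/(_(profiler|wdt|error)|css|images|js)/", False),
    ("main", None, True),
]

# Constructed route list for illustration (hypothetical application paths).
APP_ROUTES = [
    "/", "/admin/users", "/_profiler/latest", "/_wdt/abc123",
    "/_error/404", "/js/app.js", "/images/upload/report", "/jsonapi/items",
]


def resolve_firewall(path, firewalls):
    """Return (name, security_enabled) for the first firewall matching path."""
    for name, pattern, secured in firewalls:
        if pattern is None or re.search(pattern, path):
            return name, secured
    # No firewall matched: the security layer is not applied to this path.
    return None, False


def unsecured_routes(routes, firewalls):
    """List the routes that are handled without the security layer."""
    return [r for r in routes if not resolve_firewall(r, firewalls)[1]]


if __name__ == "__main__":
    for label, firewalls in (("2.3", FIREWALLS_23), ("2.6+", FIREWALLS_26)):
        print(label, unsecured_routes(APP_ROUTES, firewalls))
```

Any application route that lives under one of the excluded prefixes, such as the constructed `/images/upload/report`, is reported as unsecured, which is the check to run before widening the `dev` pattern.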
This PR was merged into the 2.3 branch.

Discussion
----------

[2.3] Remove Acme Demo bundle

| Q | A |
| ------------- | --- |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

This removes the AcmeDemoBundle for Symfony Standard 2.3. I'm going to send another pull request for Symfony 2.6+.

Commits
-------

cdddfa0 Removed the "_error" path from the sample security.yml file
2e60a9f Simplified the security.yml configuration
edc56be Removed AcmeDemoBundle

This PR was submitted for the 3.1 branch but it was merged into the 2.7 branch instead (closes #6796).

Discussion
----------

Remove AcmeDemoBundle references

After symfony/symfony-standard#819 and symfony/symfony-standard#818 last year the AcmeDemoBundle doesn't exist so having an article dedicated to it doesn't appear to make much sense. This adapts the article to be focused on removing 'a bundle'.

Commits
-------

9476cfa Remove AcmeDemoBundle references