security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    # 'auto' leaves the choice of hashing algorithm to Symfony.
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # Tries the two providers below in the listed order.
        chain_user_provider:
            chain:
                providers:
                    - security_user_provider
                    - api_key_user_provider
        security_user_provider:
            id: App\User\Application\Security\Provider\SecurityUserFactory
        api_key_user_provider:
            id: App\ApiKey\Application\Security\Provider\ApiKeyUserProvider

    # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
    # Firewalls are evaluated top to bottom and the first matching pattern wins,
    # so `login` must stay above `api` (both match /api/v1/auth/get_token).
    firewalls:
        # Security is switched off entirely for profiler, debug toolbar and
        # static asset paths. Nothing in this file gates them, so the profiler
        # must stay disabled outside the dev environment.
        dev:
            pattern: '^/(_(profiler|wdt)|css|images|js)/'
            security: false

        # Credential exchange endpoint: JSON username/password in, JWT out.
        # NOTE(review): no login_throttling is configured on this firewall;
        # brute-force protection has to come from elsewhere - confirm.
        login:
            pattern: '^/api/v1/auth/get_token$'
            stateless: true
            #anonymous: true
            json_login:
                provider: security_user_provider
                check_path: /api/v1/auth/get_token
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: App\User\Application\Security\Handler\TranslatedAuthenticationFailureHandler

        # Covers "/" exactly and every path starting with /command-scheduler.
        # NOTE(review): no authenticator is declared here, while access_control
        # below demands ROLE_ADMIN for ^/command-scheduler. As written nothing
        # on this firewall can establish a user, so that path is presumably
        # denied for every request - confirm this is the intent.
        root:
            pattern: '^/($|command-scheduler)'
            stateless: true
            #anonymous: true

        # Everything else under /api: JWT bearer tokens or the custom API-key
        # authenticator, with users resolved through the chain provider.
        # NOTE(review): access_control has no rule for ^/api, so authorization
        # presumably relies on per-controller checks - verify each endpoint
        # carries one, since an unchecked route is reachable unauthenticated.
        api:
            pattern: '^/api'
            stateless: true
            #anonymous: true
            lazy: true
            provider: chain_user_provider
            jwt: ~
            custom_authenticators:
                - App\ApiKey\Application\Security\Authenticator\ApiKeyAuthenticator

    # ROLE_ROOT > ROLE_ADMIN > ROLE_USER > ROLE_LOGGED, and separately
    # ROLE_API > ROLE_LOGGED (API-key users do not inherit ROLE_USER).
    role_hierarchy:
        ROLE_API:
            - ROLE_LOGGED
        ROLE_USER:
            - ROLE_LOGGED
        ROLE_ADMIN:
            - ROLE_USER
        ROLE_ROOT:
            - ROLE_ADMIN

    # unanimous: a single denying voter is enough to refuse access.
    access_decision_manager:
        strategy: unanimous

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
        - path: '^/command-scheduler'
          roles: ROLE_ADMIN
# Overrides applied only when the kernel runs in the "test" environment.
when@test:
    security:
        password_hashers:
            # Production-grade hashers are deliberately slow and memory-hungry,
            # which is what makes the resulting hashes hard to brute-force.
            # Test fixtures do not need that strength, so the work factors are
            # dropped to the minimum each algorithm accepts to keep the suite
            # fast. These values are unsafe for real credentials: keep them
            # scoped to when@test and never copy them into another environment.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: 'auto'
                # Lowest possible value for bcrypt
                cost: 4
                # Lowest possible value for argon
                time_cost: 3
                # Lowest possible value for argon
                memory_cost: 10