diff --git a/security.rst b/security.rst
index 9b75df1e8e5..c5c5e4fbcb8 100644
--- a/security.rst
+++ b/security.rst
@@ -45,7 +45,7 @@ configuration looks like this:
# app/config/security.yml
security:
providers:
- in_memory:
+ users_in_memory:
memory: ~
firewalls:
@@ -55,6 +55,7 @@ configuration looks like this:
main:
anonymous: ~
+ provider: users_in_memory
.. code-block:: xml
@@ -67,7 +68,7 @@ configuration looks like this:
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
@@ -77,6 +78,7 @@ configuration looks like this:
+ users_in_memory
@@ -86,7 +88,7 @@ configuration looks like this:
// app/config/security.php
$container->loadFromExtension('security', [
'providers' => [
- 'in_memory' => [
+ 'users_in_memory' => [
'memory' => null,
],
],
@@ -97,6 +99,7 @@ configuration looks like this:
],
'main' => [
'anonymous' => null,
+ 'provider' => 'users_in_memory'
],
],
]);
@@ -315,7 +318,7 @@ provider, but it's better to think of it as an "in configuration" provider:
# app/config/security.yml
security:
providers:
- in_memory:
+ users_in_memory:
memory:
users:
ryan:
@@ -324,7 +327,11 @@ provider, but it's better to think of it as an "in configuration" provider:
admin:
password: kitten
roles: 'ROLE_ADMIN'
- # ...
+
+ firewalls:
+ main:
+ provider: users_in_memory
+ # ...
.. code-block:: xml
@@ -337,13 +344,16 @@ provider, but it's better to think of it as an "in configuration" provider:
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
-
+
+ users_in_memory
+
+
@@ -352,7 +362,7 @@ provider, but it's better to think of it as an "in configuration" provider:
// app/config/security.php
$container->loadFromExtension('security', [
'providers' => [
- 'in_memory' => [
+ 'users_in_memory' => [
'memory' => [
'users' => [
'ryan' => [
@@ -367,13 +377,17 @@ provider, but it's better to think of it as an "in configuration" provider:
],
],
],
- // ...
+ 'firewalls' => [
+ 'main' => [
+ 'provider' => 'users_in_memory',
+ ],
+ ],
]);
Like with ``firewalls``, you can have multiple ``providers``, but you'll
-probably only need one. If you *do* have multiple, you can configure which
+probably only need one. If you *do* have multiple, you have to configure which
*one* provider to use for your firewall under its ``provider`` key (e.g.
-``provider: in_memory``).
+``provider: users_in_memory``).
.. seealso::
@@ -421,20 +435,22 @@ To fix this, add an ``encoders`` key:
.. code-block:: php
// app/config/security.php
+ use Symfony\Component\Security\Core\User\User;
+
$container->loadFromExtension('security', [
// ...
'encoders' => [
- 'Symfony\Component\Security\Core\User\User' => 'plaintext',
+ User::class => 'plaintext',
],
// ...
]);
-User providers load user information and put it into a ``User`` object. If
-you :doc:`load users from the database `
+User providers load user information and put it into a :class:`Symfony\\Component\\Security\\Core\\User\\UserInterface`
+implementation. If you :doc:`load users from the database `
or :doc:`some other source `, you'll
-use your own custom User class. But when you use the "in memory" provider,
-it gives you a ``Symfony\Component\Security\Core\User\User`` object.
+use your own custom User class. But when you use the "in memory" provider type,
+it gives you a :class:`Symfony\\Component\\Security\\Core\\User\\User` object.
Whatever your User class is, you need to tell Symfony what algorithm was
used to encode the passwords. In this case, the passwords are just plaintext,
@@ -449,6 +465,67 @@ you who you are and what roles you have:
Because this URL requires ``ROLE_ADMIN``, if you had logged in as ``ryan``,
this would deny you access. More on that later (:ref:`security-authorization-access-control`).
+.. tip::
+
+ If you have many providers and want to define the same encoder for all of
+ them, you can configure as follow:
+
+ .. configuration-block::
+
+ .. code-block:: yaml
+
+ # app/config/security.yml
+ security:
+ encoders:
+ Symfony\Component\Security\Core\User\UserInterface: bcrypt
+
+ # is equivalent to:
+ AppBundle\Entity\User: bcrypt
+ Symfony\Component\Security\Core\User\User: bcrypt
+ # and any other type you may add in the future
+ # ...
+
+ .. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ .. code-block:: php
+
+ // app/config/security.php
+ use Symfony\Component\Security\Core\User\UserInterface;
+
+ $container->loadFromExtension('security', [
+ 'encoders' => [
+ UserInterface::class => 'bcrypt',
+
+ // is equivalent to:
+ AppBundle\Entity\User::class => 'bcrypt',
+ Symfony\Component\Security\Core\User\User::class => 'bcrypt',
+ // and any other type you may add in the future
+ ],
+ // ...
+ ]);
+
Loading Users from the Database
...............................
@@ -502,11 +579,13 @@ is ``bcrypt``:
.. code-block:: php
// app/config/security.php
+ use Symfony\Component\Security\Core\User\User;
+
$container->loadFromExtension('security', [
// ...
'encoders' => [
- 'Symfony\Component\Security\Core\User\User' => [
+ User::class => [
'algorithm' => 'bcrypt',
'cost' => 12,
]
@@ -532,7 +611,7 @@ It will give you something like this:
# ...
providers:
- in_memory:
+ users_in_memory:
memory:
users:
ryan:
@@ -571,7 +650,7 @@ It will give you something like this:
// ...
'providers' => [
- 'in_memory' => [
+ 'users_in_memory' => [
'memory' => [
'users' => [
'ryan' => [
diff --git a/security/multiple_user_providers.rst b/security/multiple_user_providers.rst
index f228d0839a1..1331e3bd5d7 100644
--- a/security/multiple_user_providers.rst
+++ b/security/multiple_user_providers.rst
@@ -20,14 +20,14 @@ a new provider that chains the two together:
# app/config/security.yml
security:
providers:
- chain_provider:
+ users:
chain:
- providers: [in_memory, user_db]
- in_memory:
+ providers: [users_in_memory, users_in_db]
+ users_in_memory:
memory:
users:
foo: { password: test }
- user_db:
+ users_in_db:
entity: { class: AppBundle\Entity\User, property: username }
.. code-block:: xml
@@ -41,20 +41,20 @@ a new provider that chains the two together:
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
- in_memory
- user_db
+ users_in_memory
+ users_in_db
-
+
-
+
@@ -67,19 +67,19 @@ a new provider that chains the two together:
$container->loadFromExtension('security', [
'providers' => [
- 'chain_provider' => [
+ 'users' => [
'chain' => [
'providers' => ['in_memory', 'user_db'],
],
],
- 'in_memory' => [
+ 'users_in_memory' => [
'memory' => [
'users' => [
'foo' => ['password' => 'test'],
],
],
],
- 'user_db' => [
+ 'users_in_db' => [
'entity' => [
'class' => User::class,
'property' => 'username',
@@ -88,14 +88,14 @@ a new provider that chains the two together:
],
]);
-Now, all firewalls that explicitly define ``chain_provider`` as their user
-provider will, in turn, try to load the user from both the ``in_memory`` and
-``user_db`` providers.
+Now, all firewalls that explicitly define ``users`` as their user
+provider will, in turn, try to load the user from both the ``users_in_memory`` then
+``users_in_db`` providers.
.. deprecated:: 3.4
In previous Symfony versions, firewalls that didn't define their user provider
- explicitly, used the first existing provider (``chain_provider`` in this
+ explicitly, used the first existing provider (``users`` in this
example). However, auto-selecting the first user provider has been deprecated
in Symfony 3.4 and will throw an exception in 4.0. Always define the provider
used by the firewall when there are multiple providers.
@@ -114,10 +114,10 @@ the first provider is always used:
secured_area:
# ...
pattern: ^/
- provider: user_db
+ provider: users_in_db
http_basic:
realm: 'Secured Demo Area'
- provider: in_memory
+ provider: users_in_memory
form_login: ~
.. code-block:: xml
@@ -131,9 +131,9 @@ the first provider is always used:
https://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
-
+
@@ -147,11 +147,11 @@ the first provider is always used:
'secured_area' => [
// ...
'pattern' => '^/',
- 'provider' => 'user_db',
+ 'provider' => 'users_in_db',
'http_basic' => [
// ...
'realm' => 'Secured Demo Area',
- 'provider' => 'in_memory',
+ 'provider' => 'users_in_memory',
],
'form_login' => [],
],
@@ -159,8 +159,8 @@ the first provider is always used:
]);
In this example, if a user tries to log in via HTTP authentication, the authentication
-system will use the ``in_memory`` user provider. But if the user tries to
-log in via the form login, the ``user_db`` provider will be used (since it's
+system will use the ``users_in_memory`` user provider. But if the user tries to
+log in via the form login, the ``users_in_db`` provider will be used (since it's
the default for the firewall as a whole).
If you need to check that the user being returned by your provider is a allowed