1
votes

EDIT: I already set up a login form with Symfony and the authorisation works just fine. But I would like to go a bit deeper into how it is managed by the security bundle of Symfony.

I want to study/understand the way Symfony security handles authentication. If I understand correctly so far, the URL "/login_path", as specified in security.yml on the check_path line, triggers authentication in Symfony:

Then some controller/listener/service gets the username and password through the variables POST["_username"] and POST["_password"] from the login_form.

I wanted to have a look at how this is handled in Symfony. Which files should I have a look at in the Security folder in Symfony?

Can anyone just explain to me the mechanism of how it works? Does some listener catch the URL and then transmit it to some controller in Symfony? (I just want to have a look to understand it.)

Thanks in advance.

1
Why don't you install Symfony and walk through it with your IDE? The Security component is in my opinion the most complex component. In Symfony there's nearly always a very abstract implementation of the underlying system and some concrete implementation for it. You have to choose which layer you want to analyze. - Aitch
I have installed Symfony and indeed need to walk through it. But I thought that maybe someone could tell me how authentication works in Symfony... the general aspect of it. (Not the configuration aspect, I already implemented auth. with Symfony and it works just fine) - Alexis_D
There are authentication listeners which try to extract any sort of login data. The default is the listener which tries to get _username and _password from the request object and then uses the authentication manager to generate an authentication token. symfony.com/doc/current/components/security/authentication.html - Aitch
OK, thanks for the link. Just one more question: I would just like to have a look at the files that manage the listener that is triggered when check_path is set in the URL - Alexis_D
The abstract listener is \Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener and its protected requiresAuthentication() method uses \Symfony\Component\Security\Http\HttpUtils::checkRequestPath to check if check_path is in the url. There are two implementations extending it: \Symfony\Component\Security\Http\Firewall\SimpleFormAuthenticationListener and \Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener - Aitch

1 Answer

0
votes

There is no single file you can look at. Security in Symfony is split into multiple aspects like authentication, authorization, user providers, ...

Read the manual, it's explained there very well. But yes, it's really complex. http://symfony.com/doc/current/book/security.html

The basic process looks like this:
- firewall rules decide if access is allowed and auth is required
- a token is generated by one of the configured listeners
- authentication provider validates the token
- user is loaded from configured user provider
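
The process listed above, sketched as an added example that is not part of the original answer and is not Symfony's code. It is a framework-free PHP model; the function names, the sample user and the POST-only rule are assumptions.

```php
<?php
// Simplified, framework-free model of the flow; every name is hypothetical
// and none of this is Symfony's source code.
const CHECK_PATH = '/login_path'; // check_path value used in the question

// "User provider": loads a user by username (constructed sample data).
function loadUser(string $username): ?array {
    static $users = null;
    $users ??= ['alice' => ['hash' => password_hash('s3cret', PASSWORD_DEFAULT), 'roles' => ['ROLE_USER']]];
    return $users[$username] ?? null;
}

// "Listener": acts only when the request targets check_path, then turns the
// POSTed _username/_password into an unauthenticated token.
function extractToken(string $method, string $path, array $post): ?array {
    if ($method !== 'POST' || $path !== CHECK_PATH) { // POST-only is an assumption
        return null; // not a login attempt, the request passes through
    }
    return ['username' => trim((string) ($post['_username'] ?? '')),
            'credentials' => (string) ($post['_password'] ?? ''),
            'authenticated' => false];
}

// "Authentication provider": validates the token against the loaded user.
function authenticate(array $token): array {
    $user = loadUser($token['username']);
    // One error message for unknown user and wrong password alike.
    if ($user === null || !password_verify($token['credentials'], $user['hash'])) {
        throw new RuntimeException('Bad credentials.');
    }
    // The authenticated token drops the plain-text password.
    return ['username' => $token['username'], 'roles' => $user['roles'], 'authenticated' => true];
}

// Constructed requests: a page view, a valid login, a failed login.
$requests = [
    ['GET', '/home', []],
    ['POST', CHECK_PATH, ['_username' => 'alice', '_password' => 's3cret']],
    ['POST', CHECK_PATH, ['_username' => 'alice', '_password' => 'wrong']],
];
foreach ($requests as [$method, $path, $post]) {
    $token = extractToken($method, $path, $post);
    if ($token === null) { echo "$method $path: listener skipped\n"; continue; }
    try {
        $auth = authenticate($token);
        echo "$method $path: authenticated as {$auth['username']}\n";
    } catch (RuntimeException $e) {
        echo "$method $path: {$e->getMessage()}\n";
    }
}
```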