I have an authenticated user on the server via SSO. I can get it in my app with:
$user = $request->server->getHeaders();
var_dump($user['X_REMOTE_USER']);
I have a SOAP web service to retrieve more informations about the user like his rights on the application.
I wanted to know what is the good way to securized my apps ?
eg: /admin if user got admin role
Must I authentificate my user on symfony ? If yes How can I identify my user on symfony ? (We don't want a Login Form)
I have seen that may be I can use a userProvider.But I don't how it works with a user who is already authentificated by the server.
Thanks for your help, Regards.
You can setting roles in security.yml file for ACL Something like:
# security.yml
security:
access_control:
# require ROLE_ADMIN for /admin*
- { path: ^/admin, roles: ROLE_ADMIN }
here is more info. http://symfony.com/doc/current/book/security.html
But for authentication you need somethink like that: https://stackoverflow.com/a/25984933/3758361 , or you can try to use this bundle https://github.com/BeSimple/BeSimpleSsoAuthBundle
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.