[Security] Added a REMOTE_USER based listener to security firewalls

Author: mdouailin

DependencyInjection/Security/Factory/RemoteUserFactory.php

@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
+
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+
+use Symfony\Component\DependencyInjection\DefinitionDecorator;
+
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+ * RemoteUserFactory creates services for REMOTE_USER based authentication.
+ *
+ * @author Fabien Potencier <[email protected]>
+ * @author Maxime Douailin <[email protected]>
+ */
+class RemoteUserFactory implements SecurityFactoryInterface
+{
+    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
+    {
+        $providerId = 'security.authentication.provider.pre_authenticated.'.$id;
+        $container
+            ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
+            ->replaceArgument(0, new Reference($userProvider))
+            ->addArgument($id)
+        ;
+
+        $listenerId = 'security.authentication.listener.remote_user.'.$id;
+        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.remote_user'));
+        $listener->replaceArgument(2, $id);
+        $listener->replaceArgument(3, $config['user']);
+
+        return array($providerId, $listenerId, $defaultEntryPoint);
+    }
+
+    public function getPosition()
+    {
+        return 'pre_auth';
+    }
+
+    public function getKey()
+    {
+        return 'remote-user';
+    }
+
+    public function addConfiguration(NodeDefinition $node)
+    {
+        $node
+            ->children()
+                ->scalarNode('provider')->end()
+                ->scalarNode('user')->defaultValue('REMOTE_USER')->end()
+            ->end()
+        ;
+    }
+}

Resources/config/security_listeners.xml

@@ -24,6 +24,8 @@
 
         <parameter key="security.authentication.listener.x509.class">Symfony\Component\Security\Http\Firewall\X509AuthenticationListener</parameter>
 
+        <parameter key="security.authentication.listener.remote_user.class">Symfony\Component\Security\Http\Firewall\RemoteUserAuthenticationListener</parameter>
+
         <parameter key="security.authentication.listener.anonymous.class">Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener</parameter>
 
         <parameter key="security.authentication.switchuser_listener.class">Symfony\Component\Security\Http\Firewall\SwitchUserListener</parameter>
@@ -173,6 +175,16 @@
             <argument type="service" id="event_dispatcher" on-invalid="null"/>
         </service>
 
+        <service id="security.authentication.listener.remote_user" class="%security.authentication.listener.remote_user.class%" public="false" abstract="true">
+            <tag name="monolog.logger" channel="security" />
+            <argument type="service" id="security.context" />
+            <argument type="service" id="security.authentication.manager" />
+            <argument /> <!-- Provider-shared Key -->
+            <argument /> <!-- REMOTE_USER server env var -->
+            <argument type="service" id="logger" on-invalid="null" />
+            <argument type="service" id="event_dispatcher" on-invalid="null"/>
+        </service>
+
         <service id="security.authentication.listener.basic" class="%security.authentication.listener.basic.class%" public="false" abstract="true">
             <tag name="monolog.logger" channel="security" />
             <argument type="service" id="security.context" />

SecurityBundle.php

@@ -19,6 +19,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\HttpDigestFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\X509Factory;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RemoteUserFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimplePreAuthenticationFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SimpleFormFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\InMemoryFactory;
@@ -40,6 +41,7 @@ public function build(ContainerBuilder $container)
         $extension->addSecurityListenerFactory(new HttpDigestFactory());
         $extension->addSecurityListenerFactory(new RememberMeFactory());
         $extension->addSecurityListenerFactory(new X509Factory());
+        $extension->addSecurityListenerFactory(new RemoteUserFactory());
         $extension->addSecurityListenerFactory(new SimplePreAuthenticationFactory());
         $extension->addSecurityListenerFactory(new SimpleFormFactory());
 

Tests/DependencyInjection/CompleteConfigurationTest.php

@@ -79,6 +79,7 @@ public function testFirewalls()
                 'security.channel_listener',
                 'security.logout_listener.secure',
                 'security.authentication.listener.x509.secure',
+                'security.authentication.listener.remote_user.secure',
                 'security.authentication.listener.form.secure',
                 'security.authentication.listener.basic.secure',
                 'security.authentication.listener.digest.secure',

Tests/DependencyInjection/Fixtures/php/container1.php

@@ -69,6 +69,7 @@
             'anonymous' => true,
             'switch_user' => true,
             'x509' => true,
+            'remote_user' => true,
             'logout' => true,
         ),
         'host' => array(

Tests/DependencyInjection/Fixtures/xml/container1.xml

@@ -54,6 +54,7 @@
             <anonymous />
             <switch-user />
             <x509 />
+            <remote-user />
             <logout />
         </firewall>
 

Tests/DependencyInjection/Fixtures/yml/container1.yml

@@ -52,6 +52,7 @@ security:
             anonymous: true
             switch_user: true
             x509: true
+            remote_user: true
             logout: true
         host:
             pattern: /test