I've been reading up on Symfony 2 routes and Symfony 2 security.

The firewall configuration is based on URLs:

security.config:
    firewalls:
        backend:
            pattern:    /admin/.*
            form-login: true
            logout:     true
        api:
            pattern:    /api/.*
            http_basic: true
            stateless:  true
        public:
            pattern:    /.*
            security:   false

This means that if you decide to change your routes, you must remember
to rewrite your firewall too. In Symfony 1.x, you secured modules and
actions and the routing table could put them anywhere in URL space.
The idea was that the rest of your application didn't care what the
URL looked like.

But in Symfony 2.x a change that seems "cosmetic" like moving /admin
to /backend in the routing table actually has far-reaching
consequences you can't see while you're editing the routing table -
you have to go hunt down your firewall configuration (perhaps not even
designed by the same person) and make sure you update the same paths
there.

Similarly, in Symfony 1.x you wrote your actions to look at
$request->getParameter() to get their user input, and you didn't care
whether it came from a prettified parameter in the route or a regular
query string parameter. But in Symfony 2.x the pretty parameters are
passed as arguments to the action method.

I've just tested it and discovered that I can get the "pretty"
parameters using $this->get('request')->get() if I choose, which is
good because it means I can write actions that work without regard to
the design of routes, but this probably won't be the common practice.

So in general, it is no longer safe to edit the routing table without
also editing controller and firewall code and settings. Unlike Symfony
1.x, in Symfony 2.x routes, actions and the firewall are all tightly
coupled to the way the URL is written and all must usually be updated
if you want to change a URL.

Is that an accurate assessment?

The plus side, of course, seems to be ease of configuration and
coding. It is indeed pretty darn convenient to set up the firewall
this way, and the convenience parameters to action methods are very
handy. The downside is surprise side effects of "just making the URLs
nice" (:

-- 
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
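
An added example, not part of the original post and not Symfony code: a small drift check for the coupling between the routing table and the firewall patterns that the message describes. It assumes each pattern is anchored at the start of the path and that the first matching firewall wins; the route table, the expected-firewall labels and the function names are constructed for illustration.

```python
import re

# Firewalls from the post's security.config, in declaration order:
# (name, pattern, secured)
FIREWALLS = [
    ("backend", r"/admin/.*", True),
    ("api", r"/api/.*", True),
    ("public", r"/.*", False),
]

# Constructed routing table: route name -> (path, firewall it is meant to sit behind)
ROUTES_BEFORE = {
    "admin_dashboard": ("/admin/dashboard", "backend"),
    "admin_user_edit": ("/admin/users/42/edit", "backend"),
    "api_posts": ("/api/posts", "api"),
    "homepage": ("/", "public"),
}


def firewall_for(path, firewalls=FIREWALLS):
    """Return (name, secured) for the first firewall whose pattern matches."""
    for name, pattern, secured in firewalls:
        # Assumption: anchored at the start of the path, first match wins.
        if re.match(pattern, path):
            return name, secured
    return None, False


def rename_prefix(routes, old, new):
    """Simulate a 'cosmetic' routing change such as /admin -> /backend."""
    return {
        name: (new + path[len(old):] if path.startswith(old) else path, fw)
        for name, (path, fw) in routes.items()
    }


def find_drift(routes, firewalls=FIREWALLS):
    """List routes that no longer land behind the firewall they were meant for."""
    drift = []
    for name, (path, expected) in sorted(routes.items()):
        actual, secured = firewall_for(path, firewalls)
        if actual != expected:
            drift.append((name, path, expected, actual, secured))
    return drift


if __name__ == "__main__":
    for row in find_drift(rename_prefix(ROUTES_BEFORE, "/admin/", "/backend/")):
        print("DRIFT route=%s path=%s expected=%s actual=%s secured=%s" % row)
```

Run against the routing table on every change, a check like this fails the build when a route falls through to the catch-all `public` firewall; under the same assumptions it also shows that a bare `/admin` (no trailing slash) is not covered by `/admin/.*`.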