Custom User Provider Factories for the Symfony Security Bundle

Symfony has some great documentation on adding custom security authentication providers, but there is a similarly mature system for user providers. While there is support for custom user providers already which are defined as services within an application, I was looking for a way to provide something similar to the way memory user providers work:… Continue reading Custom User Provider Factories for the Symfony Security Bundle

Handling Authentication Tokens in Single Page Apps

There are broad scenarios in which a single page app (SPA) needs to handle authentication: The SPA is using an API custom built for the app itself -- the API being used is not public in any other way The SPA is using an API built for public consumption -- one with a full fledged… Continue reading Handling Authentication Tokens in Single Page Apps

Working with Multiple Content-Security-Policy Headers

Working with Multiple CSP Headers

Today I've been fighting with Content Security Policy (CSP). Servers may send multiple CSP headers, but there is a catch: Adding additional policies can only further restrict the capabilities of the protected resource I had wrongly assumed that I could pretty up my nginx configuration by splitting up the various *-src directives into separate add_header… Continue reading Working with Multiple Content-Security-Policy Headers

Making Multiple Instances Play Nice with Symfony’s Autowiring

Autowiring & Multiple Instances

Symfony's autowiring is one of the best things to come to the framework in the 3.X series. Without it we would all still be extending ContainerAware base classes and be using a service locator. But what if we need multiple instances of somethign in the container? The docs talk about dealing with multiple implementations of… Continue reading Making Multiple Instances Play Nice with Symfony’s Autowiring