New in Symfony 3.1: Improved the Security Profiler Panel

Contributed by Javier Eguiluz in #17887.

The Symfony Profiler (and the web debug toolbar) are the most useful tools to check out what's going on during the execution of your application. Most of the profiler panels provide lots of information, except one of them: the security panel.

This is how the current security panel looks for the Symfony Demo application:

You can see the username of the logged in user, their roles, the token class and that's all. Considering that the Symfony Security component is a complex beast, you may be wondering where's all the information missing in that panel.

In Symfony 3.1 we decided to update this panel to provide much more information. First, we'll list the security voters active in your application and the voting strategy used:

In addition, we now log all the voting decisions made during the rendering of the page. Consider for example the Symfony Demo page that renders a single blog post. In the base template, the application checks whether the user is an admin:

{% if is_granted('ROLE_ADMIN') %}
    <a href="{{ path('admin_post_index') }}">...</a>
{% endif %}

In addition, the template that renders the blog post checks whether the user is logged in to decide if they can post comments:

{% if is_granted('IS_AUTHENTICATED_FULLY') %}
    {{ render(controller('AppBundle:Blog:commentForm', { id: post.id })) }}
{% else %}
    ...
{% endif %}

These security checks performed with the is_granted() helper are now logged and displayed in the security panel to help you debug any issue:

In this simple example, the object is always null and the attribute is just a string, but the profiler supports any kind of object or data type and multiple attributes too. Besides, they are always properly formatted to improve your productivity:

The Symfony Demo application only makes security decisions in the templates with the is_granted() helper, but if your application uses the isGranted() method in your PHP code, those decisions will also be logged.
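As an added illustration (not code from the original article or from the Symfony Demo), here is a custom voter that makes an isGranted() decision on a real object instead of null. The names PostVoter, Post and isAuthor() are hypothetical, and the ownership rule is an assumption.

```php
<?php
// Added example: PostVoter, AppBundle\Entity\Post and Post::isAuthor() are
// hypothetical names chosen for illustration.
namespace AppBundle\Security;

use AppBundle\Entity\Post;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

class PostVoter extends Voter
{
    const EDIT = 'edit';
    const DELETE = 'delete';

    // Returning false here makes the voter abstain, so checks such as
    // is_granted('ROLE_ADMIN') with a null object are left to other voters.
    protected function supports($attribute, $subject)
    {
        return $subject instanceof Post
            && in_array($attribute, array(self::EDIT, self::DELETE), true);
    }

    // Called only when supports() returned true; true grants, false denies.
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        // An anonymous token carries a string instead of a user object,
        // so deny explicitly rather than comparing against it.
        if (!$user instanceof UserInterface) {
            return false;
        }

        // Assumed rule: only the author of a post may edit or delete it.
        return $subject->isAuthor($user);
    }
}
```

In Symfony 3.1 the class has to be registered as a service tagged `security.voter`. A controller call such as `$this->denyAccessUnlessGranted(PostVoter::EDIT, $post)` then produces a decision whose object is the Post and whose attribute is `edit`.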

Combining all these new features, this is how the screenshot shown at the beginning of this article will look in Symfony 3.1:

