IN THE FUTURE, WE ALL USE SYMFONY2
Brent Shaffer | Software Engineer
© 2011 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
This Guy... Who is he?
§ Brent Shaffer
§ Too lazy to change the slide theme
§ OBU Software Engineer - Genesis Team
§ Symfony user for 3 years
§ Nashville Symfony UG
§ Author of ~20 Plugins
§ Contributed to Symfony2 Docs
§ Touched Fabien’s Hand
@bshaffer @bschaffer

What is he doing up there?
§ Rah Symfony Rah!
§ Symfony Momentum
§ Symfony2 advantages
§ Symfony2 shortcomings
§ Can we use it?
§ Should we use it?

It’s time to play...
Definition
Interfaces
Containers
Configuration
Methodology
Usage
Behaviors
Inheritance
The Kernel
The Profiler
Twig
Killing the Magic
Security
Speed
Infrastructure
PHP 5.3
Testing
Forms
Tom Selleck’s Mustache

Dependency Injection Container
§ When one object requires another object in order to perform its function
§ Passing the dependency to the object that requires it
§ Service that facilitates this process

What we are used to

class User
{
    protected $storage;

    function __construct()
    {
        // the storage dependency is hardcoded inside the constructor
        $this->storage = new SessionStorage();
    }

    function setLanguage($language)
    {
        $this->storage->set('language', $language);
    }

    // ...
}

What we want

class User
{
    protected $storage;

    function __construct($storage)
    {
        // the storage dependency is handed in by the caller
        $this->storage = $storage;
    }

    function setLanguage($language)
    {
        $this->storage->set('language', $language);
    }

    // ...
}

Instead of hardcoding the Storage dependency inside the User class constructor, inject the Storage dependency into the User object.

$storage = new SessionStorage('SESSION_ID');
$user = new User($storage);

// use a different storage engine
$storage = new MySQLSessionStorage('SESSION_ID');
$user = new User($storage);

SUCCESS!

Dependency Injection Container - Interfaces
§ Define the public methods of a class
§ Allow Plain Old PHP Objects (POPOs) as dependencies
§ Enable use of third-party classes through Adapters or Subclasses

interface SessionStorageInterface
{
    function get($key);
    function set($key, $value);
}

class User
{
    protected $storage;

    function __construct(SessionStorageInterface $storage)
    {
        $this->storage = $storage;
    }
}

SUCCESS!

The Container
§ Describes objects and their dependencies
§ Instantiates and configures objects on-demand
§ A container SHOULD be able to manage ANY PHP object (POPO)
§ The objects MUST not know that they are

§ Parameters
  § The SessionStorageInterface implementation we want to use (the class name)
  § The session name
§ Objects
  § SessionStorage
  § User
§ Dependencies
  § User depends on a SessionStorageInterface implementation

class Container
{
    protected $parameters = array();

    public function setParameter($key, $value)
    {
        $this->parameters[$key] = $value;
    }

    public function getParameter($key)
    {
        return $this->parameters[$key];
    }
}

$container = new Container();
$container->setParameter('session_name', 'SESSION_ID');
$container->setParameter('storage_class', 'SessionStorage');

// decoupled!
$class = $container->getParameter('storage_class');
$sessionStorage = new $class($container->getParameter('session_name'));
$user = new User($sessionStorage);

SUCCESS!

Dependency Injection Container - Configuration

What does this actually look like?

services:
    storage:
        class: %storage_class%
        arguments:
            - %session_name%
    user:
        class: User
        arguments:
            - @storage

parameters:
    session_name: 'SESSION_NAME'
    storage_class: 'SessionStorage'

§ A DI Container does NOT manage ALL your objects
§ Good rule of thumb: It manages “Global” objects
  § Objects with only one instance (not the same as a singleton)
§ LIKE...
  § a User...
  § a Request...
  § a Logger...
  § a Database Connection...
§ UNLIKE
  § a Product...
  § a Blog Post...

§ Check out the Pimple project for more information
  § http://pimple-project.org/

Doctrine 2

Doctrine2 - Methodology
Paradigm Shift
§ A model is not a table
§ Objects are best when modeled after their real-world prototypes
§ Active Record pattern vs. Data Mapper pattern
  § Active Record: An object that wraps a row in a database table or view, encapsulates the database access, and adds domain logic on that data.
  § Data Mapper: A layer that moves data between objects and a database while keeping them independent of each other and the mapper itself.
§ We retain control of our domain
§ Persistence is separate from the object itself

Entities
§ Lightweight persistent domain objects
§ Regular PHP Classes
§ Do not extend any base Doctrine class
§ Supports inheritance and abstract classes
§ Entities may extend non-entity classes and vice versa.

Entity Manager
§ Central access point to the ORM functionality provided by Doctrine2. The API is used to manage the persistence of your objects and to query for persistent objects
§ Employs transactional write behind strategy that delays the execution of SQL statements in order to execute them in the most efficient way
  § Executes at end of transaction so that all write locks are quickly released
§ Uses the Unit Of Work pattern to keep track of objects

Doctrine2 - Usage

What does this look like?

<?php
namespace Entities;

/**
 * @Entity @Table(name="users")
 */
class User
{
    /** @Id @Column(type="integer") @GeneratedValue */
    private $id;

    /** @Column(length=50) */
    private $name;

    /** @OneToOne(targetEntity="Address") */
    private $address;
}

How do we persist it?

use Doctrine\ORM\EntityManager;
use Entities\User;

// Database connection information
$connectionOptions = array(
    'driver' => 'pdo_sqlite',
    'path'   => 'database.sqlite',
);

// Create EntityManager ($config is a Doctrine\ORM\Configuration instance; its setup is not shown on the slide)
$em = EntityManager::create($connectionOptions, $config);

$user = new User;
$user->setName('Brent Shaffer'); // assumes a setName() setter, which the entity above does not show
$em->persist($user);             // schedule the insert
$em->flush();                    // run the queued SQL in one transaction

Doctrine2 - Inheritance
§ Three Kinds
  § Mapped Superclass
  § Single Table Inheritance
  § Class Table Inheritance

§ Mapped Superclass
  § Mapping data is contained in the superclass, but no database table is mapped to the superclass
§ Single Table Inheritance
  § All entities share one table.
  § To distinguish which row represents which type in the hierarchy a discriminator column is used
  § Different and shared columns are maintained through Doctrine
§ Class Table Inheritance
  § Each class in the hierarchy is mapped to several tables: its own table and the tables of all parent classes
  § The table of a child class is linked to the table of a parent class through a foreign key constraint
  § A discriminator column is used in the topmost table of the hierarchy

Doctrine2 - Behaviors
§ What was wrong
  § Behaviors mocked multiple inheritance, a construct not supported in PHP
  § A necessary evil due to the active record implementation
§ The New Way
  § Interfaces
    § Describe what the object needs
  § Events and Listeners
    § Tell the Entity Manager how to handle the object
  § Traits
    § PHP 5.4
    § Copy and Paste for PHP functions, similar to Modules in Ruby.

§ An Example
  § Timestampable
    § Configure properties of your model to listen for on create and on update events
    § Assign the TimestampableListener as an EventSubscriber
    § Doctrine manager handles the rest
§ Existing Behaviors
  § Tree
  § Translatable
  § Sluggable
  § Timestampable
  § Loggable

The Kernel
[Diagram: the Client (Browser) sends the request "/get-this" to Your App; Your App returns the response "<h1>You Got It!</h1>"]
Your job is always to generate and return a response
The Internet is a series of tubes

§ The Basics
  § The HttpKernel class is the central class of Symfony2 and is responsible for handling client requests. Its main goal is to "convert" a Request object to a Response object.
  § The handle() method takes a Request and always returns a Response.
§ The Controller
  § To convert a Request to a Response, the Kernel relies on a Controller. A Controller can be any valid PHP callable.
  § The controller returns a Response Object
§ Events
  § Events are thrown for onCoreRequest, onCoreController, onCoreView, onCoreResponse, and onCoreException.

Drum Roll Please...

$kernel = new AppKernel('Brent Shaffer', false);
$kernel->handle(Request::createFromGlobals())->send();

The Profiler
The Symfony2 profiler collects useful information about each request made to your application and stores it for later analysis.
You rarely have to deal with the profiler directly as Symfony2 provides visualizer tools like the Web Debug Toolbar and the Web Profiler.

§ The profiler collects information for all requests (simple requests, redirects, exceptions, Ajax requests, ESI requests; and for all HTTP methods and all formats).
§ A single URL can result in several associated profiling data (one per external request/response pair).
§ The profiler stores data to allow for access anytime

// on the production machine
$profiler = $container->get('profiler')->getFromResponse($response);
$data = $profiler->export();

// on the development machine
$profiler->import($data);

§ Profilers can be configured differently per IP, URL, or a custom matcher service

framework:
    profiler:
        matcher: { ip: 192.168.0.0/24, path: "^/admin/", service: custom_matcher }

Twig
“You do know PHP is the best templating language, right?” - Andi Gutmans

What is a templating engine?
§ A template engine allows you to render a presentation (HTML, XML, etc) via a template in a controlled environment
§ It should allow special functionality that makes creating templates easier (helpers, template inheritance, etc)
§ SMARTY is a templating engine
§ HAML is a templating engine
§ PHP is a templating engine

Why is PHP a crappy templating engine?
§ rendering template files is a hack: an include statement with output-buffering control
§ no or faked template inheritance
§ no isolation: PHP templates make available any global variables or functions
§ no template-friendly syntax

What makes Twig better?
§ Template-oriented syntax
  § Twig takes back the dot accessor
  § for else loop
  § Filters
  § Multiple inheritance
  § Dynamic template extension
  § Horizontal reuse
§ Extensible
  § Twig “Core” is nothing more than a set of default extensions
  § Even Twig syntax is mutable

{{ var.method }}

{% for user in users %}
  * {{ user.name }}
{% else %}
  No user has been found.
{% endfor %}

{{ var | upper }}

{% extends "layout.html" %}

{% block content %}
  Content of the page...
{% endblock %}

{% use 'div_layout.html.twig' %}

Twig in Action
warning. plagiarized content ahead

Extending

// inside a Twig extension class ($this is the extension)
// add a custom function
$twig->addFunction('customfunc', new Twig_Function_Method($this, 'twigCustomFunc', array('needs_environment' => true)));

{{ customfunc(var) }}

// add a custom filter
$twig->addFilter('customfilt', new Twig_Filter_Method($this, 'twigCustomFilt', array('needs_environment' => true)));

{{ var | customfilt(2) }}

// with needs_environment set, Twig passes the environment as the first argument
public function twigCustomFunc(Twig_Environment $env, $var)
{
    // do something awesome
}

public function twigCustomFilt(Twig_Environment $env, $var, $num)
{
    // do something awesome
}

Sandboxing

// specify trusted code: anything not listed here is rejected inside the sandbox
$tags = array('if');
$filters = array('upper');
$methods = array(
    'Article' => array('getTitle', 'getBody'),
);
$properties = array(
    'Article' => array('title', 'body'),
);
$functions = array('range');
$policy = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);

// Add your extension to twig
// The policy is enforced only inside {% sandbox %} ... {% endsandbox %} blocks,
// unless true is passed as the second constructor argument to sandbox every template.
$sandbox = new Twig_Extension_Sandbox($policy);
$twig->addExtension($sandbox);

Did Symfony2 Kill the Magic?

§ What is Magic?
  § The framework takes on new responsibility, and does so in a way we don’t understand
  § We describe something as “killing the magic” when that responsibility is returned to the developer
§ Why do some consider magic bad?
  § The Great Jon Wage:
    § “Magic is great when it works, but the magic you love is also the cause of much of your pain”
    § “Magic makes it harder to understand what is happening”
    § “Edgecases, Edgecases, Edgecases!”
    § “Magic is slow”

§ Is Magic Bad?
  § Magic is bad when it is a hack
    § Doctrine1 Behaviors
  § Magic is bad when it is not well written
    § Symfony admin generator
  § Magic is bad when it disregards best practices
    § Doctrine1 Active Record
  § Magic is bad when it sacrifices control
    § sfInstaPrestoRestApiPluginnator

Answer the Question Already!
§ Symfony2 did not kill the magic
  § Annotations alleviate verbosity of configuration
  § Propel2 will implement Doctrine2 in ActiveRecord form
  § Convention over Configuration often does the work for you
§ That bit about poorly written code? Symfony2 doesn’t have that problem.
  § The first step is to write a solid platform
  § The bells and whistles come next

Speed
“Fast as Hell” - Fabien

§ Symfony2 Framework
  § 3 times faster than Symfony 1.4
  § 3 times faster than Zend Framework
  § Takes up 2 times less memory
§ Doctrine2
  § 4 times faster than Doctrine 1 (according to arbitrary benchmark)
  § Use of Transactions makes all batch operations significantly faster
§ Caching
  § Twig, Dependency Injection Container, Routes, are all as fast as they can possibly be
    § compiled down to plain PHP code
    § Everything is converted to plain calls

HTTP Caching
§ Symfony2’s “Killer Feature”
§ We use the HTTP 1.1 Caching Specification
  § pre-invented wheels
§ Comes with a built in Gateway Cache (aka Reverse Proxy)
  § A shared cache on the server side
  § Make websites more scalable, reliable and performing better
  § Examples: Varnish, Squid, Akamai

// web/app.php
$kernel = new AppCache(new AppKernel('prod', false));
$kernel->handle(Request::createFromGlobals())->send();

HTTP Caching
§ Information is sent with headers
  § Cache-Control / Expires / Last-Modified / ETag
  § the switch from one proxy server to another is easy and transparent as no code modification is needed!
§ Return “304 Not Modified” to save on bandwidth/cpu
§ Wait, you mean we have to understand HTTP 1.1 Specifications?
  § Yes.
§ And HTTP 1.1 Caching Headers?
  § That’s right
§ Well this party really died
  § It’s ok! Learning is fun.
  § You’ll probably get paid more someday
  § Ladies* love it.
* no ladies love this

Show me the money!

// setting HTTP Cache headers for expiration
public function indexAction()
{
    // render() returns a Response object (renderView() returns only the rendered string)
    $response = $this->render('MyBundle:Main:index.html.twig');
    $response->setMaxAge(600);
    $response->setSharedMaxAge(600);

    return $response;
}

// setting HTTP Cache headers for validation
public function indexAction()
{
    $response = $this->render('MyBundle:Main:index.html.twig');
    $response->setETag(md5($response->getContent()));
    // when the request's If-None-Match matches the ETag, this turns the response into a 304 Not Modified
    $response->isNotModified($this->get('request'));

    return $response;
}
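
The expiration and validation headers from the two actions above, modelled in plain PHP as an added example (not code from the talk or from Symfony2). buildCachedResponse(), etagMatches() and the request/response arrays are hypothetical names; the private/public split goes one step beyond the slides to show which responses a shared gateway cache may store.

```php
<?php
// Added example: header logic only, no framework required.

// Compares an If-None-Match header value against the current ETag (weak comparison).
function etagMatches($ifNoneMatch, $etag)
{
    foreach (explode(',', $ifNoneMatch) as $candidate) {
        $candidate = trim($candidate);
        if ($candidate === '*') {
            return true;
        }
        if (strncmp($candidate, 'W/', 2) === 0) {
            $candidate = substr($candidate, 2); // weak validators compare equal to strong ones here
        }
        if ($candidate !== '' && $candidate === $etag) {
            return true;
        }
    }
    return false;
}

function buildCachedResponse(array $requestHeaders, $body, $isUserSpecific, $ttl = 600)
{
    $etag = '"' . md5($body) . '"'; // same validator as the slide's setETag(md5(...))

    if ($isUserSpecific) {
        // Personalised content: only the user's own browser may keep a copy.
        $cacheControl = 'private, max-age=' . $ttl;
    } else {
        // max-age is for browsers, s-maxage for shared caches such as the gateway cache.
        $cacheControl = 'public, max-age=' . $ttl . ', s-maxage=' . $ttl;
    }
    $headers = array('ETag' => $etag, 'Cache-Control' => $cacheControl);

    $ifNoneMatch = isset($requestHeaders['If-None-Match']) ? $requestHeaders['If-None-Match'] : '';
    if (etagMatches($ifNoneMatch, $etag)) {
        return array('status' => 304, 'headers' => $headers, 'body' => ''); // no body is re-sent
    }
    return array('status' => 200, 'headers' => $headers, 'body' => $body);
}

// Constructed sample exchange: first visit, revalidation, then a per-user page.
$page = '<h1>You Got It!</h1>';
$first = buildCachedResponse(array(), $page, false);
$again = buildCachedResponse(array('If-None-Match' => $first['headers']['ETag']), $page, false);
$account = buildCachedResponse(array(), 'Hello brent', true);

foreach (array($first, $again, $account) as $response) {
    echo $response['status'], ' ', $response['headers']['Cache-Control'], "\n";
}
```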

It’s too simple. I’ll never be able to cache my app..

Don’t Cry! Use E-S-I!
Edge Side Includes
§ Akamai Specification
§ allow HTTP cache to be used to cache page fragments (even nested fragments) independently.
§ Cache an entire page for 60 minutes, but an embedded sidebar for only 5 minutes.
§ Leave fragments uncached!
§ Each ESI tag has a fully-qualified URL. An ESI tag represents a page fragment that can be fetched via the given URL.

Show me some mo’ money!

<html>
  <body>
    Some content

    <!-- Embed the content of another page here -->
    <esi:include src="http://..." />

    More content
  </body>
</html>

Infrastructure
Front Controllers
§ One file to rule them all
§ The Entry Point of your application
§ Useful when combining platforms
§ To the code machine!!!

Symfony2 Core
§ The core consists of three things
  § components
  § bundles
  § bridges

Infrastructure - Symfony2 Core

Components
§ Orthogonal code, separately maintained
§ Examples
  § Yaml
  § Event Dispatcher
  § Routing
  § Security

Bundles
§ Bring libraries into the symfony ecosystem
§ Examples
  § FrameworkBundle
  § DoctrineBundle
  § TwigBundle
  § SecurityBundle

Bridges
§ Ties between components independent of the framework
§ Ensures components and bundles really are standalone
§ Examples
  § DoctrineBridge
  § MonologBridge
  § TwigBridge

Symfony2 Framework
§ The framework consists of three main things
  § Vendors
  § Your Source
  § The Application

Vendors
§ Third party code. Can be libraries or bundles
§ Examples
  § Libraries: doctrine-mongodb
  § Bundles: DoctrineMongoDbBundle

Source
§ Your code! Anything application-specific
  § Probably bundles
  § libraries inside bundles

The Application
§ The overmind
§ Ties it all together
  § configuration
  § routing
  § autoloading
  § stuff like that

Bundles?
§ Cutesy French Word
§ Like everything else, they come in threes
  § Core Bundles
  § Vendor Bundles
  § Source Bundles
§ Everything is a bundle. Even you.
  § Ok I lied, not everything. But most things.

Bundles contain...
§ Routing
§ Controllers
§ Views
§ Doctrine Objects
§ Libraries
§ Assets
§ Just About Everything

Organization++
§ Namespaced
§ Flexible Structure
§ I have a dream! That one day! All products shall live side-by-side in one src directory!

Security
§ Authentication and Authorization
  § Authentication - identify the user
    § Use built in authentication methods
      § Login forms, HTTP Authentication, X.509 Certificates
      § Stateless
    § Write custom authentication
      § Ex: Lock down a URL pattern to Twitter users only
  § Authorization - do they have access?
    § User Roles
§ Firewalls
  § Activated based on a URL regex match
  § Sends authentication back to the user

§ User Providers
  § Users can come from anywhere
    § database table
    § web service
    § in memory
  § Use multiple user providers in a single application
  § Custom User Providers
    § UserInterface / UserProviderInterface
§ Encoding
  § Configured per user provider
  § Also customizable (PasswordEncoderInterface)

A Practical Example

# app/config/config.yml
security:
    # Authentication
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"

    # Authorization
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

    # User Providers
    providers:
        in_memory:
            users:
                brent: { password: brentpass, roles: 'ROLE_USER' }
                admin: { password: kitten, roles: 'ROLE_ADMIN' }

    # Password Encoding
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
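
What the `plaintext` encoder setting above means for stored credentials, next to a hashed alternative, as an added example that is not from the slides. The interface is a local stand-in that mirrors the method names of Symfony2's PasswordEncoderInterface, InMemoryUserProvider and both encoder classes are hypothetical, and password_hash() and hash_equals() need PHP 5.6 or later.

```php
<?php
// Added example: local stand-in interface so the file runs without the framework.
interface PasswordEncoderInterface
{
    public function encodePassword($raw, $salt);
    public function isPasswordValid($encoded, $raw, $salt);
}

// Equivalent of "plaintext": the stored value is the password itself.
class PlaintextEncoder implements PasswordEncoderInterface
{
    public function encodePassword($raw, $salt) { return $raw; }
    public function isPasswordValid($encoded, $raw, $salt)
    {
        return hash_equals((string) $encoded, (string) $raw); // constant-time comparison
    }
}

// Hardened alternative: adaptive, salted hashing.
class AdaptiveHashEncoder implements PasswordEncoderInterface
{
    private $cost;
    public function __construct($cost = 12) { $this->cost = $cost; }
    public function encodePassword($raw, $salt)
    {
        // $salt is ignored: password_hash() generates a random salt and embeds it in the result.
        return password_hash($raw, PASSWORD_BCRYPT, array('cost' => $this->cost));
    }
    public function isPasswordValid($encoded, $raw, $salt)
    {
        return password_verify($raw, $encoded);
    }
}

class InMemoryUserProvider
{
    private $users = array();
    private $encoder;
    private $dummyHash;

    public function __construct(PasswordEncoderInterface $encoder)
    {
        $this->encoder = $encoder;
        // Checked when the username is unknown, so both paths do the same amount of work.
        $this->dummyHash = $encoder->encodePassword('dummy-password', null);
    }

    public function addUser($username, $rawPassword, array $roles)
    {
        $this->users[$username] = array(
            'password' => $this->encoder->encodePassword($rawPassword, null),
            'roles' => $roles,
        );
    }

    public function storedPassword($username) { return $this->users[$username]['password']; }

    // Returns the user's roles on success, null on any failure.
    public function authenticate($username, $rawPassword)
    {
        $known = isset($this->users[$username]);
        $hash = $known ? $this->users[$username]['password'] : $this->dummyHash;
        $valid = $this->encoder->isPasswordValid($hash, $rawPassword, null);

        return ($known && $valid) ? $this->users[$username]['roles'] : null;
    }
}

// The two users from the slide's config, stored once per encoder.
foreach (array(new PlaintextEncoder(), new AdaptiveHashEncoder()) as $encoder) {
    $provider = new InMemoryUserProvider($encoder);
    $provider->addUser('brent', 'brentpass', array('ROLE_USER'));
    $provider->addUser('admin', 'kitten', array('ROLE_ADMIN'));

    printf("%s stores: %s\n", get_class($encoder), $provider->storedPassword('admin'));
    var_dump($provider->authenticate('admin', 'kitten'));  // roles of the admin user
    var_dump($provider->authenticate('admin', 'wrong'));   // wrong password
    var_dump($provider->authenticate('nobody', 'kitten')); // unknown user
}
```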

Extending the Security Component
§ You can get a good look at a T-Bone if you stick your head up a... no wait, it’s your bull.
§ WSSE (because we all hate SOAP)
  § Four Classes
    § WsseListener
    § WsseProvider
    § WsseToken
    § WsseFactory
  § not as easy as advertised
§ But...
  § When secure methods of a service class are called, unauthenticated users are prompted with a login.
  § That’s neat.
  § Wait... WHAT??

# app/config/config.yml
security:
    firewalls:
        my_service:
            pattern: ^/api/.*
            wsse: true

Allows for the extending of Services

use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class NewsletterManager
{
    protected $securityContext;

    public function __construct(SecurityContextInterface $securityContext)
    {
        $this->securityContext = $securityContext;
    }

    public function sendNewsletter()
    {
        // refuse to run unless the current user is granted NEWSLETTER_ADMIN
        if (false === $this->securityContext->isGranted('NEWSLETTER_ADMIN')) {
            throw new AccessDeniedException();
        }

        //--
    }
}

Awesome
Rad
Groovy

In Conclusion
§ Symfony2 uses the well-proven security model of authentication and authorization.
§ The security component is very robust, and made to handle enterprise-level authentication needs
§ The container makes it possible to extend security even further
  § Custom authentication methods
  § Custom user providers
  § Custom authorization
  § Custom encoding
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

PHP 5.3
§ Why is everyone so scared?
  § PHP 5.2 came out in 2006
  § PHP 5.3 has been out for two years
§ Who uses it?
  § Doctrine2, MongoODM, Symfony2, Zend Framework2, Assetic, Behat, Monolog... more to come
§ What do we get?
  § Namespaces
    § Autoloading, Avoid Collisions, Organization
  § Closures and Lambdas, y’all!
  § Late Static Binding
  § SPL Enhancements, new functions
    § OpenSSL, Mysql, and DateTime functions, native array functions, parse_ini_string(), str_getcsv(), etc.
  § Chaining Exceptions
    § exciting news for huge nerds

Testing
PHPUnit

Forms
[Slides to make you sound like you understand forms here]

Your Mother

Tom Selleck’s Mustache

Questions?
§ http://brentertainment.com
§ http://github.com/bshaffer
§ @bshaffer