
Zed Route Security / Auth: Hi, can someone maybe point me in the right direction 🙂

U01BZ7Q3XRV
U01BZ7Q3XRV Posts: 148 🧑🏻‍🚀 - Cadet

Zed Route Security / Auth:

Hi, can someone maybe point me in the right direction 🙂

Basically I want to have a Zed Controller to consume Akeneo Webhooks and disable the default Zed Auth and instead check the request signature.

I found the \Spryker\Shared\SecurityExtension\Dependency\Plugin\SecurityPluginInterface, which could be the right place, but I also did not find out yet how to use it.

Comments

  • U02MQRQHG3E
    U02MQRQHG3E Posts: 2 🧑🏻‍🚀 - Cadet

    Hi David!
    You could look into /src/Pyz/Zed/Security/SecurityDependencyProvider.php for plugin examples. To allow anonymous access to some endpoint you need to add your custom security plugin to the top of the list and use both the addFirewall and addAccessRules methods in it. UserSecurityPlugin seems like a good example to start with.
    This is where I ended up while solving a similar problem, so I could have missed something or got something wrong; please correct me in this case :)

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 🧑🏻‍🚀 - Cadet

    @U02MQRQHG3E thanks! Then I'm at least not completely wrong here 😉 OK, I'm trying addAccessRules to allow access at first. But for some reason it's not working. I guess I have to keep debugging somewhere where the access rules are applied.

  • U02MQRQHG3E
    U02MQRQHG3E Posts: 2 🧑🏻‍🚀 - Cadet

    Like I mentioned, in my case using both the firewall and the access rule was necessary. So, if nothing helps, try something like:

    <?php

    declare(strict_types=1);

    // Adjust the namespace to wherever your project keeps its security plugins.
    namespace Pyz\Zed\Security\Communication\Plugin;

    use Spryker\Service\Container\ContainerInterface;
    use Spryker\Shared\SecurityExtension\Configuration\SecurityBuilderInterface;
    use Spryker\Shared\SecurityExtension\Dependency\Plugin\SecurityPluginInterface;
    use Spryker\Zed\Kernel\Communication\AbstractPlugin;

    class MySecurityPlugin extends AbstractPlugin implements SecurityPluginInterface
    {
        protected const SECURITY_FIREWALL_NAME = 'MyFirewall';

        // Regex matched against the request path. Keep the leading anchor so it
        // cannot match somewhere in the middle of another route.
        protected const MY_ROUTE_PATTERN = '^/my-endpoint';

        protected const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';

        /**
         * Registers a firewall that accepts anonymous requests for the pattern and an
         * access rule that grants them. Register this plugin before the default
         * Zed security plugins so its firewall is matched first.
         */
        public function extend(SecurityBuilderInterface $securityBuilder, ContainerInterface $container): SecurityBuilderInterface
        {
            $securityBuilder = $this->addFirewall($securityBuilder);
            $securityBuilder = $this->addAccessRules($securityBuilder);

            return $securityBuilder;
        }

        /**
         * Firewall for the route: 'anonymous' => true means no authenticator runs
         * for requests whose path matches the pattern.
         */
        protected function addFirewall(SecurityBuilderInterface $securityBuilder): SecurityBuilderInterface
        {
            $securityBuilder->addFirewall(static::SECURITY_FIREWALL_NAME, [
                'anonymous' => true,
                'pattern' => static::MY_ROUTE_PATTERN,
            ]);

            return $securityBuilder;
        }

        /**
         * Access rule for the same pattern: each rule is [pattern, required role].
         */
        protected function addAccessRules(SecurityBuilderInterface $securityBuilder): SecurityBuilderInterface
        {
            $accessRules = [
                [
                    static::MY_ROUTE_PATTERN,
                    static::IS_AUTHENTICATED_ANONYMOUSLY,
                ],
            ];

            $securityBuilder->addAccessRules($accessRules);

            return $securityBuilder;
        }
    }

    And don't forget, plugin order matters, because route patterns might intersect.
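
    Once the firewall and access rule above let anonymous requests through, the route is reachable by anyone who can reach Zed, so the controller itself has to authenticate the webhook. The following is an added example, not code from the thread, from Spryker or from Akeneo. It assumes the commonly used HMAC scheme: the sender puts a Unix timestamp in an `X-Akeneo-Request-Timestamp` header and the lowercase hex of HMAC-SHA256(secret, "<timestamp>.<raw body>") in `X-Akeneo-Request-Signature`. The header names, the exact signed string, the secret and the five-minute replay window are assumptions to check against your Akeneo version; the request body and secret in the demo are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not from the thread, Spryker or Akeneo): verifies an HMAC-signed
 * webhook request for a Zed route whose session auth has been disabled.
 *
 * Assumed scheme: signature = hex(HMAC-SHA256(secret, "<timestamp>.<raw body>")).
 * Header names, secret and replay window are assumptions.
 */
final class WebhookSignatureVerifier
{
    public const HEADER_SIGNATURE = 'X-Akeneo-Request-Signature'; // assumed header name
    public const HEADER_TIMESTAMP = 'X-Akeneo-Request-Timestamp'; // assumed header name

    public function __construct(
        private string $secret,
        private int $maxSkewSeconds = 300 // replay window, an assumption
    ) {
    }

    /**
     * @param string $rawBody the request body exactly as received (no re-serialisation)
     * @param array<string, string> $headers lower-cased header name => value
     * @param int $now current Unix time, injected so the check is testable
     */
    public function verify(string $rawBody, array $headers, int $now): bool
    {
        $signature = $headers[strtolower(self::HEADER_SIGNATURE)] ?? null;
        $timestamp = $headers[strtolower(self::HEADER_TIMESTAMP)] ?? null;

        // Both headers must be present and the timestamp must be a plain, bounded integer.
        if ($signature === null || $timestamp === null || preg_match('/^\d{1,11}$/', $timestamp) !== 1) {
            return false;
        }

        // Reject stale or future-dated requests so a captured request cannot be replayed later.
        if (abs($now - (int)$timestamp) > $this->maxSkewSeconds) {
            return false;
        }

        // Sign exactly the bytes that arrived; decoding and re-encoding JSON would change them.
        $expected = self::sign($this->secret, (int)$timestamp, $rawBody);

        // Constant-time comparison: a plain === returns early and leaks how many leading bytes matched.
        return hash_equals($expected, strtolower($signature));
    }

    /** Produces the signature the sender is assumed to compute; also used by the demo below. */
    public static function sign(string $secret, int $timestamp, string $rawBody): string
    {
        return hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    }
}

// Demo with constructed data.
$secret = 'constructed-demo-secret'; // in Zed this would come from config, never from code
$body = '{"action":"product.updated","data":{"identifier":"sku-1"}}';
$now = 1700000000;
$verifier = new WebhookSignatureVerifier($secret);

$headers = [
    'x-akeneo-request-timestamp' => (string)$now,
    'x-akeneo-request-signature' => WebhookSignatureVerifier::sign($secret, $now, $body),
];

var_dump($verifier->verify($body, $headers, $now));           // genuine request
var_dump($verifier->verify($body . ' ', $headers, $now));     // body tampered with in transit
var_dump($verifier->verify($body, $headers, $now + 3600));    // same request replayed an hour later
var_dump($verifier->verify($body, ['x-akeneo-request-timestamp' => (string)$now], $now)); // signature header missing
```

    In a Zed controller action, pass `$request->getContent()` and the request headers to `verify()`, respond with 401 and stop when it returns false, and only then `json_decode` the body. Because the signature covers the raw bytes, nothing in front of Zed (proxy, middleware, body re-encoding) may rewrite the body before the check runs.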

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 🧑🏻‍🚀 - Cadet

    thx 👍 it seems to work, but then later it still tries to get a user from the session. It seems I still have to add the route to the ignorable paths in the ACL module somewhere.

  • giovanni.piemontese
    giovanni.piemontese Technical Lead @ Löffelhardt Spryker Solution Partner Posts: 871 🧑🏻‍🚀 - Cadet

    You have to ignore your route here -> \Pyz\Zed\SecurityGui\SecurityGuiConfig::IGNORABLE_ROUTE_PATTERN and here -> \Spryker\Shared\Acl\AclConstants::ACL_DEFAULT_RULES

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 🧑🏻‍🚀 - Cadet

    OK, this works, but I'll check if I can maybe add the rules somewhere using a plugin.

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 🧑🏻‍🚀 - Cadet

    But it works for now! Thank you 👍