Security Bundle Laravel Package

crocos/security-bundle

Getting Started

Minimal Setup

  1. Installation:

    composer require crocos/security-bundle:dev-master
    

    Add to AppKernel.php:

    new Crocos\SecurityBundle\CrocosSecurityBundle(),
    
  2. First Use Case:

    • Annotate a controller method with @Secure to enforce authentication:
      use Crocos\SecurityBundle\Annotation\Secure;
      use Symfony\Bundle\FrameworkBundle\Controller\Controller;
      
      class DashboardController extends Controller
      {
          /**
           * @Secure()
           */
          public function indexAction()
          {
              // Only accessible to authenticated users
          }
      }
      
    
    
  3. Configuration:

    • Define firewall rules in app/config/security.yml (minimal example):
      security:
          firewalls:
              main:
                  anonymous: ~
      

Implementation Patterns

Annotation-Driven Workflows

  1. Role-Based Access:

    /**
     * @Secure(roles={"ROLE_ADMIN"})
     */
    public function adminAction()
    {
        // Only accessible to ADMIN users
    }
    
  2. Method-Level Security:

    • Apply @Secure to individual methods (no global firewall needed for simple cases).
    • Combine with Symfony’s Voter interfaces for custom logic.
  3. Login/Logout Handling:

    • Explicitly trigger auth state changes via services:
      $this->get('security.context')->setToken($authToken); // Login
      $this->get('security.context')->setToken(null);        // Logout
      

Integration Tips

  • Symfony Forms: Use CrocosSecurityBundle's SecurityContext to validate roles in form type classes:

    public function buildForm(FormBuilderInterface $builder, array $options)
    {
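        // getSecurityContext() is assumed to be a helper on this form type that
        // returns the injected security context; AbstractType does not provide it.
        if (!$this->getSecurityContext()->isGranted('ROLE_ADMIN')) {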
            throw new \RuntimeException('Unauthorized');
        }
    }
    
  • Event Listeners: Extend security logic via security.interactive_login/security.authentication_success events.


Gotchas and Tips

Pitfalls

  1. No Built-in CSRF Protection:

    • Unlike Symfony’s SecurityBundle, this bundle does not include CSRF tokens. Use Symfony’s CsrfTokenManager separately.
  2. Deprecated Symfony 2.x:

    • Last release in 2015 for Symfony 2.0. Not compatible with Symfony 3+ or 4+.
    • Avoid for new projects; consider Symfony\SecurityBundle or api-platform/security.
  3. No Automatic Logout:

    • Unlike Symfony’s SecurityBundle, this bundle does not handle session expiration or automatic logout. Implement manually:
      $this->get('session')->invalidate();
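
An idle-timeout listener that combines the manual session invalidation above with the setToken(null) logout call from Login/Logout Handling. This is an added example, not code from crocos/security-bundle or from the original page. It assumes Symfony 2.1 or later (SessionInterface and the session metadata bag); the namespace, class name and constructor arguments are hypothetical.

```php
<?php
// Added example, not crocos/security-bundle code. Namespace, class name and
// constructor arguments are hypothetical. Assumes Symfony 2.1+.
namespace Acme\DemoBundle\EventListener;

use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class IdleLogoutListener
{
    private $session;
    private $securityContext;
    private $maxIdleSeconds;

    // $securityContext is the 'security.context' service used on this page.
    public function __construct(SessionInterface $session, $securityContext, $maxIdleSeconds = 900)
    {
        $this->session = $session;
        $this->securityContext = $securityContext;
        $this->maxIdleSeconds = (int) $maxIdleSeconds;
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        // Sub-requests share the master request's session, so check only once.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }
        // No session cookie sent: nothing to expire, and do not create a session.
        if (!$event->getRequest()->hasPreviousSession()) {
            return;
        }
        $this->session->start();
        // getLastUsed() is the timestamp of the previous request on this session.
        $idle = time() - $this->session->getMetadataBag()->getLastUsed();
        if ($idle > $this->maxIdleSeconds) {
            $this->securityContext->setToken(null); // drop the authenticated token
            $this->session->invalidate();           // clear data, regenerate session ID
        }
    }
}
```

Register the class as a service tagged kernel.event_listener for the kernel.request event, passing it the session and security.context services.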
      

Debugging

  • Annotation Parsing Errors:

    • Ensure annotations are parsed by Symfony’s AnnotationReader. Clear the cache (php app/console cache:clear on Symfony 2.x) if issues arise.
  • Token Context:

    • Debug auth state with:
      $token = $this->get('security.context')->getToken(); // null when no user is authenticated
      $roles = $token ? $token->getRoles() : array();
      

Extension Points

  1. Custom Annotations:

    • Extend Crocos\SecurityBundle\Annotation\Secure to add metadata (e.g., @Secure(ip="192.168.1.0/24")).
  2. Voters:

    • Implement Crocos\SecurityBundle\Security\Voter\VoterInterface for custom access logic.
  3. Authentication Providers:

    • Override Crocos\SecurityBundle\Security\Authentication\Provider\AuthenticationProviderInterface for custom auth backends.