Merge branch '2.2' into 2.3

weaverryan · weaverryan · commit 96b37dfcb531 · 2013-07-28T19:53:51.000-05:00
diff --git a/book/security.rst b/book/security.rst
@@ -25,8 +25,8 @@ application with HTTP Basic authentication.
 
 .. note::
 
-    `Symfony's security component`_ is available as a standalone PHP library
-    for use inside any PHP project.
+    :doc:`Symfony's security component </components/security/introduction>` is
+    available as a standalone PHP library for use inside any PHP project.
 
 Basic Example: HTTP Authentication
 ----------------------------------
@@ -686,14 +686,11 @@ see :doc:`/cookbook/security/form_login`.
 Authorization
 -------------
 
-The first step in security is always authentication: the process of verifying
-who the user is. With Symfony, authentication can be done in any way - via
-a form login, basic HTTP Authentication, or even via Facebook.
-
-Once the user has been authenticated, authorization begins. Authorization
-provides a standard and powerful way to decide if a user can access any resource
-(a URL, a model object, a method call, ...). This works by assigning specific
-roles to each user, and then requiring different roles for different resources.
+The first step in security is always authentication. Once the user has been
+authenticated, authorization begins. Authorization provides a standard and
+powerful way to decide if a user can access any resource (a URL, a model
+object, a method call, ...). This works by assigning specific roles to each
+user, and then requiring different roles for different resources.
 
 The process of authorization has two different sides:
 
@@ -712,12 +709,6 @@ URL pattern. You've seen this already in the first example of this chapter,
 where anything matching the regular expression pattern ``^/admin`` requires
 the ``ROLE_ADMIN`` role.
 
-.. caution::
-
-    Understanding exactly how ``access_control`` works is **very** important
-    to make sure your application is properly secured. See :ref:`security-book-access-control-explanation`
-    below for detailed information.
-
 You can define as many URL patterns as you need - each is a regular expression.
 
 .. configuration-block::
@@ -769,12 +760,15 @@ to find *one* that matches the current request. As soon as it finds a matching
 is used to enforce access.
 
 Each ``access_control`` has several options that configure two different
-things: (a) :ref:`should the incoming request match this access control entry<security-book-access-control-matching-options>`
-and (b) :ref:`once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options>`:
+things:
+
+* (a) :ref:`should the incoming request match this access control entry<security-book-access-control-matching-options>`
+* (b) :ref:`once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options>`:
 
 .. _security-book-access-control-matching-options:
 
-**(a) Matching Options**
+(a) Matching Options
+....................
 
 Symfony2 creates an instance of :class:`Symfony\\Component\\HttpFoundation\\RequestMatcher`
 for each ``access_control`` entry, which determines whether or not a given
@@ -869,7 +863,8 @@ will match any ``ip``, ``host`` or ``method``:
 
 .. _security-book-access-control-enforcement-options:
 
-**(b) Access Enforcement**
+(b) Access Enforcement
+......................
 
 Once Symfony2 has decided which ``access_control`` entry matches (if any),
 it then *enforces* access restrictions based on the ``roles`` and ``requires_channel``
@@ -1229,7 +1224,9 @@ class:
         security:
             providers:
                 main:
-                    entity: { class: Acme\UserBundle\Entity\User, property: username }
+                    entity:
+                        class: Acme\UserBundle\Entity\User
+                        property: username
 
     .. code-block:: xml
 
@@ -1773,11 +1770,6 @@ Note that you will *not* need to implement a controller for the ``/logout``
 URL as the firewall takes care of everything. You *do*, however, need to create
 a route so that you can use it to generate the URL:
 
-.. caution::
-
-    As of Symfony 2.1, you *must* have a route that corresponds to your logout
-    path. Without this route, logging out will not work.
-
 .. configuration-block::
 
     .. code-block:: yaml
@@ -1811,6 +1803,11 @@ a route so that you can use it to generate the URL:
 
         return $collection;
 
+.. caution::
+
+    As of Symfony 2.1, you *must* have a route that corresponds to your logout
+    path. Without this route, logging out will not work.
+
 Once the user has been logged out, he will be redirected to whatever path
 is defined by the ``target`` parameter above (e.g. the ``homepage``). For
 more information on configuring the logout, see the
@@ -1930,7 +1927,7 @@ to show a link to exit impersonation:
     .. code-block:: html+jinja
 
         {% if is_granted('ROLE_PREVIOUS_ADMIN') %}
-            <a href="{{ path('homepage', {_switch_user: '_exit'}) }}">Exit impersonation</a>
+            <a href="{{ path('homepage', {'_switch_user': '_exit'}) }}">Exit impersonation</a>
         {% endif %}
 
     .. code-block:: html+php
@@ -2114,7 +2111,6 @@ Learn more from the Cookbook
 * :doc:`Access Control Lists (ACLs) </cookbook/security/acl>`
 * :doc:`/cookbook/security/remember_me`
 
-.. _`Symfony's security component`: https://github.com/symfony/Security
 .. _`JMSSecurityExtraBundle`: http://jmsyst.com/bundles/JMSSecurityExtraBundle/1.2
 .. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
 .. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php
diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
@@ -460,12 +460,14 @@ You are finished! You can now define parts of your app as under WSSE protection.
             firewalls:
                 wsse_secured:
                     pattern:   /api/.*
+                    stateless: true
                     wsse:      true
 
     .. code-block:: xml
 
         <config>
             <firewall name="wsse_secured" pattern="/api/.*">
+                <stateless />
                 <wsse />
             </firewall>
         </config>
@@ -476,6 +478,7 @@ You are finished! You can now define parts of your app as under WSSE protection.
             'firewalls' => array(
                 'wsse_secured' => array(
                     'pattern' => '/api/.*',
+                    'stateless'    => true,
                     'wsse'    => true,
                 ),
             ),
@@ -560,6 +563,7 @@ set to any desirable value per firewall.
             firewalls:
                 wsse_secured:
                     pattern:   /api/.*
+                    stateless: true
                     wsse:      { lifetime: 30 }
 
     .. code-block:: xml
@@ -568,6 +572,7 @@ set to any desirable value per firewall.
             <firewall name="wsse_secured"
                 pattern="/api/.*"
             >
+                <stateless />
                 <wsse lifetime="30" />
             </firewall>
         </config>
@@ -578,6 +583,7 @@ set to any desirable value per firewall.
             'firewalls' => array(
                 'wsse_secured' => array(
                     'pattern' => '/api/.*',
+                    'stateless' => true,
                     'wsse'    => array(
                         'lifetime' => 30,
                     ),
