<?php

require_once __DIR__ . '/../vendor/autoload.php';

use Monolog\Handler\StreamHandler;
use Monolog\Logger;
use RabbitMQAuth\Authentication\Authenticator;
use RabbitMQAuth\Authentication\ChainAuthenticationChecker;
use RabbitMQAuth\Authentication\UserPasswordTokenChecker;
use RabbitMQAuth\Authentication\UserTokenChecker;
use RabbitMQAuth\Authorization\DefaultVoter;
use RabbitMQAuth\Controller\AuthController;
use RabbitMQAuth\Security;
use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;

/**
 * Users and their roles (RabbitMQ tags). Edit this list to match your setup.
 *
 * The passwords below are sample values written as plain-text literals in
 * this file. Replace every one of them before exposing the service, and keep
 * the file readable only by the account that runs it.
 */
$userProvider = new InMemoryUserProvider([
    // Admin user
    'Anthony' => [
        'password' => 'anthony-password',
        'roles' => [
            'administrator',
            // 'impersonator', // see https://www.rabbitmq.com/validated-user-id.html
        ],
    ],
    'James' => [
        'password' => 'bond',
        'roles' => [
            'management',
        ],
    ],
    'Roger' => [
        'password' => 'rabbit',
        'roles' => [
            'monitoring',
        ],
    ],
    'Bunny' => [
        'password' => 'bugs',
        'roles' => [
            'policymaker',
        ],
    ],
]);

/**
 * Per-user permissions, keyed by username and then by vhost:
 *
 * $permissions = [
 *     '{USERNAME}' => [
 *         '{VHOST}' => [
 *             'ip'        => '{REGEX_IP}',
 *             'read'      => '{REGEX_READ}',
 *             'write'     => '{REGEX_WRITE}',
 *             'configure' => '{REGEX_CONFIGURE}',
 *         ],
 *     ],
 * ];
 *
 * Each value is a regular expression, so '.*' matches everything: James may
 * connect from any address and read, write and configure any resource on
 * vhost '/'. Narrow these patterns for real deployments.
 *
 * NOTE(review): 'isAdmin' => true presumably bypasses the per-vhost checks
 * for that user; confirm in DefaultVoter.
 * NOTE(review): Roger and Bunny have no entry here. How DefaultVoter treats a
 * user without an entry is not visible in this file; confirm it denies.
 */
$permissions = [
    'Anthony' => [
        'isAdmin' => true,
    ],
    'James' => [
        '/' => [
            'ip' => '.*',
            'read' => '.*',
            'write' => '.*',
            'configure' => '.*',
        ],
    ],
];

/**
 * Authenticator setup.
 *
 * It looks the user up through the user provider and validates the token
 * with the chained authentication checkers. Two token types exist:
 *  - UserPasswordToken, used by the user endpoint (username and password
 *    are checked);
 *  - UserToken, used by the resource/topic/vhost endpoints (only the
 *    existence of the username is checked).
 */
$authenticator = new Authenticator(
    $userProvider,
    new ChainAuthenticationChecker([
        new UserPasswordTokenChecker(),
        new UserTokenChecker(),
    ])
);

/**
 * DefaultVoter makes the authorization decision from the configured
 * $permissions. It implements the same process as RabbitMQ's default
 * authorization.
 */
$defaultVoter = new DefaultVoter($permissions);

/**
 * Wiring of the symfony/security component.
 */
$tokenStorage = new TokenStorage();
$authenticationManager = new AuthenticationProviderManager([$authenticator]);
$accessDecisionManager = new AccessDecisionManager([$defaultVoter]);

$authorizationChecker = new AuthorizationChecker(
    $tokenStorage,
    $authenticationManager,
    $accessDecisionManager
);

/**
 * Security is the main class of the library.
 */
$security = new Security($authenticationManager, $authorizationChecker);

/**
 * The auth controller takes the HTTP request and returns the HTTP response.
 */
$authController = new AuthController($tokenStorage, $security);

/**
 * Logging: the three components share one handler writing to var/log.log
 * at DEBUG level.
 *
 * NOTE(review): what these components log at DEBUG is not visible here;
 * confirm that passwords never reach the log, and keep var/ outside the
 * web root with restrictive file permissions.
 */
$stream = new StreamHandler(__DIR__ . '/../var/log.log', Logger::DEBUG);

$authenticator->setLogger(
    (new Logger('rabbitmq_authenticator'))->pushHandler($stream)
);
$defaultVoter->setLogger(
    (new Logger('rabbitmq_default_voter'))->pushHandler($stream)
);
$security->setLogger(
    (new Logger('rabbitmq_security'))->pushHandler($stream)
);