Add Keycloak authentication for ETL users. Configure ETL routes and login/logout functionality. Integrate ETL with Keycloak SSO. Update vite.config.js to include etl.js. Create EtlController with home, login, and logout routes. Implement EtlAuthenticator for email/password login. Configure security.yaml for ETL firewall and providers. Add etl.js and etl.scss for ETL frontend. Add Keycloak client configuration for ETL. Update PrestaireController to use absolute URL for login.
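# Symfony security configuration: password hashers, user providers, firewalls,
# role hierarchy and access control.
security:
    password_hashers:
        App\Entity\Account: 'auto'
        App\Entity\Customer: 'auto'
        App\Entity\Prestaire: 'auto'

    providers:
        app_account_provider:
            entity:
                class: App\Entity\Account
                property: email
        reserve_account_provider:  # Customer-specific provider
            entity:
                class: App\Entity\Customer
                property: email
        etl_account_provider:  # Prestaire-specific provider
            entity:
                class: App\Entity\Prestaire
                property: email
        # Providers are tried in the order listed: Prestaire first, then Account.
        # NOTE(review): if the same email exists in both entities, the Prestaire
        # record is the one loaded; confirm this is the intended precedence.
        etl_chain_provider:
            chain:
                providers: [etl_account_provider, app_account_provider]
    # Only the first firewall whose pattern matches handles a request, so the
    # order below matters: "main" (^/) is the catch-all and must stay last.
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        etl:
            # Prefix match with no trailing boundary: every path that begins
            # with /etl is handled by this firewall.
            pattern: ^/(etl)
            lazy: true
            provider: etl_chain_provider  # Prestaire, then Account (chain provider)
            user_checker: App\Security\UserChecker
            entry_point: App\Security\EtlAuthenticator
            form_login:
                login_path: etl_home
                check_path: etl_home
                enable_csrf: true
                csrf_token_id: authenticate

            custom_authenticator:
                - App\Security\EtlAuthenticator
                - App\Security\EtlKeycloakAuthenticator

            logout:
                # NOTE(review): "elt_" reads as a transposed "etl_" prefix. The
                # route behind this name is not visible here; if it does not
                # exist, ETL logout cannot work and sessions stay open. Confirm
                # it matches the logout route declared for the ETL area.
                path: elt_logout
                # Was "elt_home"; aligned with the etl_home route already used
                # by form_login above.
                target: etl_home


        intranet:
            pattern: ^/(intranet|crm|2fa)
            lazy: true
            provider: app_account_provider  # Forces the Account (admin) entity here
            user_checker: App\Security\UserChecker
            two_factor:
                auth_form_path: 2fa_login
                check_path: 2fa_login_check
                default_target_path: /
            entry_point: App\Security\LoginFormAuthenticator
            form_login:
                login_path: app_home
                check_path: app_home
                enable_csrf: true
                csrf_token_id: authenticate

            custom_authenticator:
                - App\Security\LoginFormAuthenticator
                - App\Security\KeycloakAuthenticator

            logout:
                path: app_logout
                target: app_home
        # --- MAIN FIREWALL (catch-all) ---
        # Uses the Customer provider; /crm is matched earlier by "intranet".
        main:
            pattern: ^/
            provider: reserve_account_provider  # Forces the Customer entity here
            entry_point: App\Security\CustomerAuthenticator  # Authenticator used as the entry point
            custom_authenticator:
                - App\Security\CustomerAuthenticator
                - App\Security\FlowAuthenticator
            user_checker: App\Security\UserChecker  # e.g. to verify that the account is activated
            logout:
                path: reservation_logout
                target: reservation_login  # Redirects to the customer login after logout
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800  # seconds (7 days)

    # NOTE(review): ROLE_CLIENT_MAIN inherits ROLE_ADMIN and therefore satisfies
    # the ^/crm rule below; confirm that a client role is meant to reach the CRM.
    role_hierarchy:
        ROLE_ROOT: [ROLE_ADMIN, ROLE_CLIENT_MAIN, ROLE_CUSTOMER]
        ROLE_CLIENT_MAIN: [ROLE_ADMIN, ROLE_CUSTOMER]

    # Rules are evaluated top to bottom and the first match applies.
    # NOTE(review): /etl and /intranet have no dedicated rule, so they fall
    # through to the final ^/ PUBLIC_ACCESS entry. Authorization for those areas
    # has to be enforced elsewhere (not visible in this file); confirm it is.
    access_control:
        - { path: ^/2fa, roles: PUBLIC_ACCESS }
        # Customer area (handled by the "main" firewall)
        - { path: ^/gestion-contrat, roles: [ROLE_CUSTOMER] }
        # CRM (handled by the "intranet" firewall)
        - { path: ^/crm, roles: [ROLE_ADMIN] }
        - { path: ^/, roles: PUBLIC_ACCESS }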