Symfony

Security Advanced

Custom authenticators, voters, security expressions, CSRF protection, XSS prevention, rate limiting, production hardening, JWT/OAuth2 misconfigurations

22 interview questions
Senior
1

Which interface must a custom authenticator implement in Symfony 6+?

Answer

In Symfony 6+, custom authenticators must implement AuthenticatorInterface from the Security HTTP component. This interface defines the methods supports(), authenticate(), onAuthenticationSuccess(), onAuthenticationFailure() and optionally createToken(). It replaces the old Guard system that was used in Symfony 4/5.

2

What is the role of the supports() method in a custom authenticator?

Answer

The supports() method determines whether the authenticator should handle the current request. It receives the Request and returns a boolean. If it returns true, authenticate() is called, followed by onAuthenticationSuccess() or onAuthenticationFailure(). This allows multiple authenticators to be active on the same firewall, each handling a specific authentication type.

3

What should the authenticate() method of a custom authenticator return on success?

Answer

The authenticate() method must return a Passport object containing a UserBadge (user identifier) and credentials badges. The Passport can also contain additional badges like CsrfTokenBadge or RememberMeBadge. Symfony then uses this Passport to create the authentication token and load the user via the UserProvider.

4

How do you define a custom Voter to control access to a specific resource?

5

Which AccessDecisionManager strategy is recommended for applications requiring strict security?
