Symfony

Security Advanced

Custom authenticators, voters, security expressions, CSRF protection, XSS prevention, rate limiting, production hardening, JWT/OAuth2 misconfigurations

22 interview questions
Senior
1

Which interface must a custom authenticator implement in Symfony 6+?

Answer

In Symfony 6+, custom authenticators must implement AuthenticatorInterface from the Security HTTP component. This interface defines the methods supports(), authenticate(), onAuthenticationSuccess(), onAuthenticationFailure() and optionally createToken(). It replaces the old Guard system that was used in Symfony 4/5.

2

What is the role of the supports() method in a custom authenticator?

Answer

The supports() method determines if the authenticator should handle the current request. It receives the Request and returns a boolean. If true, the authenticate() method followed by onAuthenticationSuccess() or onAuthenticationFailure() will be called. This allows having multiple active authenticators on the same firewall, each handling a specific authentication type.

3

What should the authenticate() method of a custom authenticator return on success?

Answer

The authenticate() method must return a Passport object containing a UserBadge (user identifier) and credentials badges. The Passport can also contain additional badges like CsrfTokenBadge or RememberMeBadge. Symfony then uses this Passport to create the authentication token and load the user via the UserProvider.

4

How to define a custom Voter to control access to a specific resource?

5

Which AccessDecisionManager strategy is recommended for applications requiring strict security?
