Configuring Access Control
Overview of configuration options for the Nette Security.
If you are not using the whole framework, but only this library, read how to load the configuration.
You can define a list of users in the configuration to create a simple authenticator
Nette\Security\SimpleAuthenticator). Because passwords are readable in the configuration, this solution is for
testing purposes only.
security: # shows user panel in Tracy Bar? debugger: ... # (bool) defaults to true users: # name: password johndoe: secret123 # name, password, role and other data available in the identity janedoe: password: secret123 roles: [admin] data: ...
You can also define roles and resources to create a basis for authorizer
security: roles: guest: registered: [guest] # registered inherits from guest admin: [registered] # and admin inherits from registered resources: article: comment: [article] # resource inherits from article poll:
You can configure how to store information about the logged in user:
security: authentication: # after how long of inactivity the user will be logged out expiration: 30 minutes # (string) default is not set # where to store information about the logged in user storage: session # (session|cookie) default is session
If you choose
cookie as your repository, you can also set the following options:
security: authentication: # jméno cookie cookieName: userId # (string) výchozí je userid # which hosts are allowed to receive the cookie cookieDomain: 'example.com' # (string|domain) # restrictions when accessing cross-origin request cookieSamesite: None # (Strict|Lax|None) defaults to Lax