Configuring Access Control

Overview of configuration options for Nette Security.

If you are not using the entire framework, but only this library, read how to load the configuration.

You can define a list of users in the configuration to create a simple authenticator (Nette\Security\SimpleAuthenticator). Because passwords are listed in plain text in the configuration, this solution is suitable for testing purposes only.

security:
	# show the user panel in Tracy Bar?
	debugger: ...  # (bool) defaults to true

	users:
		# name: password
		johndoe: secret123

		# name, password, roles, and other data available in the identity
		janedoe:
			password: secret123
			roles: [admin]
			data: ...

Furthermore, you can define roles and resources to create a basis for an authorizer (Nette\Security\Permission):

security:
	roles:
		guest:
		registered: [guest]  # registered inherits from guest
		admin: [registered]  # and admin inherits from registered

	resources:
		article:
		comment: [article]   # resource inherits from article
		poll:

User Storage

You can configure how to store information about the logged-in user:

security:
	authentication:
		# period of inactivity after which the user will be logged out
		expiration: 30 minutes        # (string) default is not set

		# where to store information about the logged-in user
		storage: session              # (session|cookie) default is session

If you choose cookie as the storage, you can also set these options:

security:
	authentication:
		# name of the cookie
		cookieName: userId            # (string) defaults to userid

		# domains that can receive the cookie
		cookieDomain: 'example.com'   # (string|domain)

		# restriction for cross-origin access
		cookieSamesite: None          # (Strict|Lax|None) defaults to Lax

DI Services

These services are added to the DI container: