Class SecurityComponent

_authRequiredsource protected

_authRequired( Cake\Controller\Controller $controller )

Check if authentication is required

Parameters

Cake\Controller\Controller $controller

Instantiating controller

Returns

boolean
true if authentication required

_callbacksource protected

_callback( Cake\Controller\Controller $controller , string $method , array $params [] )

Calls a controller callback method

Parameters

Cake\Controller\Controller $controller

Controller to run callback on

string $method

Method to execute

array $params optional []

Parameters to send to method

Returns

mixed
Controller callback method's response

Throws

Cake\Network\Exception\BadRequestException
When a the blackholeCallback is not callable.

_requireMethodsource protected

_requireMethod( string $method , array $actions [] )

Sets the actions that require a $method HTTP request, or empty for all actions

Parameters

string $method

The HTTP method to assign controller actions to

array $actions optional []

Controller actions to set the required HTTP method to.

_secureRequiredsource protected

_secureRequired( Cake\Controller\Controller $controller )

Check if access requires secure connection

Parameters

Cake\Controller\Controller $controller

Instantiating controller

Returns

boolean
true if secure connection required

_validatePostsource protected

_validatePost( Cake\Controller\Controller $controller )

Validate submitted form

Parameters

Cake\Controller\Controller $controller

Instantiating controller

Returns

boolean
true if submitted form is valid

blackHolesource public

blackHole( Cake\Controller\Controller $controller , string $error '' )

Black-hole an invalid request with a 400 error or custom callback. If SecurityComponent::$blackHoleCallback is specified, it will use this callback by executing the method indicated in $error

Parameters

Cake\Controller\Controller $controller

Instantiating controller

string $error optional ''

Error method

Returns

mixed
If specified, controller blackHoleCallback's response, or no return otherwise

Throws

Cake\Network\Exception\BadRequestException
\Cake\Network\Exception\BadRequestException

See

SecurityComponent::$blackHoleCallback

Link

http://book.cakephp.org/3.0/en/controllers/components/security.html#handling-blackhole-callbacks

generateTokensource public

generateToken( Cake\Network\Request $request )

Manually add form tampering prevention token information into the provided request object.

Parameters

Cake\Network\Request $request

The request object to add into.

Returns

boolean
bool

implementedEventssource public

implementedEvents( )

Events supported by this component.

Returns

array
array

Overrides

Cake\Controller\Component::implementedEvents()

requireAuthsource public

requireAuth( string|array $actions )

Sets the actions that require whitelisted form submissions.

Adding actions with this method will enforce the restrictions set in SecurityComponent::$allowedControllers and SecurityComponent::$allowedActions.

Parameters

string|array $actions

Actions list

requireSecuresource public

requireSecure( string|array $actions null )

Sets the actions that require a request that is SSL-secured, or empty for all actions

Parameters

string|array $actions optional null

Actions list

startupsource public

startup( Cake\Event\Event $event )

Component startup. All security checking happens here.

Parameters

Cake\Event\Event $event

An Event instance

Returns

mixed
mixed

__constructsource public

__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )

Constructor

Parameters

Cake\Controller\ComponentRegistry $registry

A ComponentRegistry this component can use to lazy load its components

array $config optional []

Array of configuration settings.

__debugInfosource public

__debugInfo( )

Returns an array that can be used to describe the internal state of this object.

Returns

array
array

__getsource public

__get( string $name )

Magic method for lazy loading $components.

Parameters

string $name

Name of component to get.

Returns

mixed
A Component object or null.

initializesource public

initialize( array $config )

Constructor hook method.

Implement this method to avoid having to overwrite the constructor and call parent.

Parameters

array $config

The configuration settings provided to this component.

_configDeletesource protected

_configDelete( string $key )

Delete a single config key

Parameters

string $key

Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configReadsource protected

_configRead( string|null $key )

Read a config variable

Parameters

string|null $key

Key to read.

Returns

mixed
mixed

_configWritesource protected

_configWrite( string|array $key , mixed $value , boolean|string $merge false )

Write a config variable

Parameters

string|array $key

Key to write to.

mixed $value

Value to write.

boolean|string $merge optional false

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

configsource public

config( string|array|null $key null , mixed|null $value null , boolean $merge true )

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array|null $key optional null

The key to get/set, or a complete array of configs.

mixed|null $value optional null

The value to set.

boolean $merge optional true

Whether to recursively merge or overwrite existing config, defaults to true.

Returns

mixed
Config value being read, or the object itself on write operations.

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallowsource public

configShallow( string|array $key , mixed|null $value null )

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional null

The value to set.

Returns

mixed
$this The object itself.

logsource public

log( mixed $msg , integer|string $level LogLevel::ERROR , string|array $context [] )

Convenience method to write a message to Log. See Log::write() for more information on writing to logs.

Parameters

mixed $msg

Log message.

integer|string $level optional LogLevel::ERROR

Error level.

string|array $context optional []

Additional log data relevant to this message.

Returns

boolean
Success of log write.

null

[
    'blackHoleCallback' => null,
    'requireSecure' => [],
    'requireAuth' => [],
    'allowedControllers' => [],
    'allowedActions' => [],
    'unlockedFields' => [],
    'unlockedActions' => [],
    'validatePost' => true
]

[]

[]

[]

false