author | Uwe Jäger <uwej711@googlemail.com> | 2012-05-24 15:16:38 +0200 |
---|---|---|
committer | Uwe Jäger <uwej711@googlemail.com> | 2012-05-25 10:47:31 +0200 |
commit | 1b29794dd1b7ee9171ffaf9485c6fe805de72fdb (patch) | |
tree | fb0a08027df98274e3dd4e5f5066efd44cf2f5ce /Http | |
parent | 02d2a6142ad1ab2e5f45bbf44263185da9b31d07 (diff) | |
download | symfony-security-1b29794dd1b7ee9171ffaf9485c6fe805de72fdb.zip symfony-security-1b29794dd1b7ee9171ffaf9485c6fe805de72fdb.tar.gz symfony-security-1b29794dd1b7ee9171ffaf9485c6fe805de72fdb.tar.bz2 |
Make the session entry for the target url firewall dependent.
If there are two firewalls (e.g. main and admin), calling a protected admin url
will direct you to the login form of the admin. If I ignore this and go to the login
form of the main firewall directly I will end up being redirected to the stored
admin target url. This is not what you usually want to happen.
Diffstat (limited to 'Http')
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 4 | ||||
-rw-r--r-- | Http/Firewall/ExceptionListener.php | 6 |
2 files changed, 6 insertions, 4 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 6d95314..1caaf0a 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -271,8 +271,8 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 }
 $session = $request->getSession();
- if ($targetUrl = $session->get('_security.target_path')) {
- $session->remove('_security.target_path');
+ if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) {
+ $session->remove('_security.' . $this->providerKey . '.target_path');
 return $targetUrl;
 }
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 05e7d14..1a2d2b6 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -39,6 +39,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 class ExceptionListener
 {
 private $context;
+ private $providerKey;
 private $accessDeniedHandler;
 private $authenticationEntryPoint;
 private $authenticationTrustResolver;
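Review bot: The session key `'_security.' . $this->providerKey . '.target_path'` is spelled out twice in the AbstractAuthenticationListener hunk and a third time in the last ExceptionListener hunk, and the read only finds what the write stored while all three stay identical. Building it once, `$key = '_security.' . $this->providerKey . '.target_path';`, and passing `$key` to both `get()` and `remove()` would keep the reading side consistent. Any code outside this diff that still reads or clears the old `_security.target_path` entry would presumably stop seeing a stored target after this change, so that is worth checking. The enclosing method starts and ends outside the hunk.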
@@ -46,11 +47,12 @@ class ExceptionListener
 private $logger;
 private $httpUtils;
- public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
+ public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
 {
 $this->context = $context;
 $this->accessDeniedHandler = $accessDeniedHandler;
 $this->httpUtils = $httpUtils;
+ $this->providerKey = $providerKey;
 $this->authenticationEntryPoint = $authenticationEntryPoint;
 $this->authenticationTrustResolver = $trustResolver;
 $this->errorPage = $errorPage;
@@ -180,7 +182,7 @@ class ExceptionListener
 {
 // session isn't required when using http basic authentication mechanism for example
 if ($request->hasSession()) {
- $request->getSession()->set('_security.target_path', $request->getUri());
+ $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
 }
 }
 } |
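Review bot: The new `$providerKey` argument of `__construct` is untyped and unchecked, and it is inserted ahead of the optional arguments, so a caller that still passes the entry point in fourth position is not rejected when the listener is built. An empty value produces the key `_security..target_path` for every firewall configured that way, which brings back the shared target path this commit is removing. A guard at the top of the constructor would fail fast in both cases: `if (!is_string($providerKey) || '' === $providerKey) { throw new \InvalidArgumentException('$providerKey must be a non-empty string.'); }`. The constructor body continues outside the hunk.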
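Review bot: The existing comment in the last hunk explains the `hasSession()` guard but says nothing about why the key now carries the firewall name, which is the security-relevant part of the changed line. A comment above the `set()` call would record it, for example `// keyed by firewall so that logging in through another firewall does not redirect to this URL`. The enclosing method starts outside the hunk.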