authorFabien Potencier <fabien.potencier@gmail.com>2013-12-29 15:43:38 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2013-12-29 15:43:38 +0100
commit1d7396ae0b4d14f2a7e84436afc10d65d75ba644 (patch)
tree01aa2a275c238671960594cd0446e1098b65398d /Http
parent97325c1041507924753cf285f4a4bb00ab429fc9 (diff)
parent2e3d0a88a68a3347fa2c0a48d16f79c5e884c993 (diff)
Merge branch '2.3' into 2.4
* 2.3: [Security] made code easier to understand, added some missing unit tests [DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop) [DomCrawler] Fixed creating form objects from form nodes. disabled php.ini changes when using HHVM in .travis.yml [Process] fixed HHVM support Add support for HHVM in the getting of the PHP executable [Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
Diffstat (limited to 'Http')
-rw-r--r--Http/Firewall/ExceptionListener.php113
1 files changed, 56 insertions, 57 deletions
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 6649959..d0b167e 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -87,84 +87,83 @@ class ExceptionListener
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
- $request = $event->getRequest();
+ do {
+ if ($exception instanceof AuthenticationException) {
+ return $this->handleAuthenticationException($event, $exception);
+ } elseif ($exception instanceof AccessDeniedException) {
+ return $this->handleAccessDeniedException($event, $exception);
+ } elseif ($exception instanceof LogoutException) {
+ return $this->handleLogoutException($event, $exception);
+ }
+ } while (null !== $exception = $exception->getPrevious());
+ }
- // determine the actual cause for the exception
- while (null !== $previous = $exception->getPrevious()) {
- $exception = $previous;
+ private function handleAuthenticationException(GetResponseForExceptionEvent $event, AuthenticationException $exception)
+ {
+ if (null !== $this->logger) {
+ $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
}
- if ($exception instanceof AuthenticationException) {
+ try {
+ $event->setResponse($this->startAuthentication($event->getRequest(), $exception));
+ } catch (\Exception $e) {
+ $event->setException($e);
+ }
+ }
+
+ private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception)
+ {
+ $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
+ $token = $this->context->getToken();
+ if (!$this->authenticationTrustResolver->isFullFledged($token)) {
if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
+ $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
}
try {
- $response = $this->startAuthentication($request, $exception);
+ $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
+ $insufficientAuthenticationException->setToken($token);
+
+ $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
} catch (\Exception $e) {
$event->setException($e);
-
- return;
}
- } elseif ($exception instanceof AccessDeniedException) {
- $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
- $token = $this->context->getToken();
- if (!$this->authenticationTrustResolver->isFullFledged($token)) {
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
- }
+ return;
+ }
+
+ if (null !== $this->logger) {
+ $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
+ }
- try {
- $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
- $insufficientAuthenticationException->setToken($token);
- $response = $this->startAuthentication($request, $insufficientAuthenticationException);
- } catch (\Exception $e) {
- $event->setException($e);
+ try {
+ if (null !== $this->accessDeniedHandler) {
+ $response = $this->accessDeniedHandler->handle($event->getRequest(), $exception);
- return;
- }
- } else {
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
+ if ($response instanceof Response) {
+ $event->setResponse($response);
}
+ } elseif (null !== $this->errorPage) {
+ $subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
+ $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
- try {
- if (null !== $this->accessDeniedHandler) {
- $response = $this->accessDeniedHandler->handle($request, $exception);
-
- if (!$response instanceof Response) {
- return;
- }
- } elseif (null !== $this->errorPage) {
- $subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
- $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
-
- $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
- } else {
- return;
- }
- } catch (\Exception $e) {
- if (null !== $this->logger) {
- $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
- }
-
- $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
-
- return;
- }
+ $event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
}
- } elseif ($exception instanceof LogoutException) {
+ } catch (\Exception $e) {
if (null !== $this->logger) {
- $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+ $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
}
- return;
- } else {
- return;
+ $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
}
+ }
- $event->setResponse($response);
+ private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception)
+ {
+ if (null !== $this->logger) {
+ $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+ }
}
/**
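Review bot: `handleLogoutException()` at the end of the hunk only writes the log line; nothing in its body changes the event's exception, although the message says "wrapping with AccessDeniedHttpException". As written, a LogoutException found in the chain leaves the event untouched, so the client presumably gets whatever the default exception handling produces (likely a 500) rather than a 403. Either wrap it the way `handleAccessDeniedException()` does, with `$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));`, or reword the log message so that anyone reading the logs is not told a 403 was issued. A unit test asserting the event's exception type after a LogoutException would pin whichever behaviour is intended.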