diff options
| author | Tomasz Szymczyk <karion.ubuntu@gmail.com> | 2013-12-19 13:59:41 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2013-12-28 17:11:12 +0100 |
| commit | 64f1ac5c9811d94ff6c580b6a48cc65edacb922e (patch) | |
| tree | 042a5a2ed5b159800831a7a13f7a8d12043b7bfd /Http | |
| parent | 9bb5809ad7745183e0f3636ff3d6b26ffd3b182e (diff) | |
| download | symfony-security-64f1ac5c9811d94ff6c580b6a48cc65edacb922e.zip symfony-security-64f1ac5c9811d94ff6c580b6a48cc65edacb922e.tar.gz symfony-security-64f1ac5c9811d94ff6c580b6a48cc65edacb922e.tar.bz2 | |
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
Diffstat (limited to 'Http')
| -rw-r--r-- | Http/Firewall/ExceptionListener.php | 118 |
1 files changed, 67 insertions, 51 deletions
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php index 075114e..b2aaa04 100644 --- a/Http/Firewall/ExceptionListener.php +++ b/Http/Firewall/ExceptionListener.php @@ -83,79 +83,95 @@ class ExceptionListener $exception = $event->getException(); $request = $event->getRequest(); - // determine the actual cause for the exception - while (null !== $previous = $exception->getPrevious()) { - $exception = $previous; - } - - if ($exception instanceof AuthenticationException) { - if (null !== $this->logger) { - $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage())); - } - - try { - $response = $this->startAuthentication($request, $exception); - } catch (\Exception $e) { - $event->setException($e); - - return; - } - } elseif ($exception instanceof AccessDeniedException) { - $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - - $token = $this->context->getToken(); - if (!$this->authenticationTrustResolver->isFullFledged($token)) { + while (null !== $exception) { + if ($exception instanceof AuthenticationException) { if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine())); + $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage())); } try { - $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception); - $insufficientAuthenticationException->setToken($token); - $response = $this->startAuthentication($request, $insufficientAuthenticationException); + $response = $this->startAuthentication($request, $exception); + + break; } catch (\Exception $e) { $event->setException($e); return; } - } else { - if (null !== $this->logger) { - $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine())); - } + } - try { - if (null !== $this->accessDeniedHandler) { - $response = $this->accessDeniedHandler->handle($request, $exception); + if ($exception instanceof AccessDeniedException) { + $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception)); - if (!$response instanceof Response) { - return; - } - } elseif (null !== $this->errorPage) { - $subRequest = $this->httpUtils->createRequest($request, $this->errorPage); - $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception); + $token = $this->context->getToken(); + if (!$this->authenticationTrustResolver->isFullFledged($token)) { + if (null !== $this->logger) { + $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine())); + } + + try { + $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception); + $insufficientAuthenticationException->setToken($token); + $response = $this->startAuthentication($request, $insufficientAuthenticationException); + + break; + } catch (\Exception $e) { + $event->setException($e); - $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true); - } else { return; } - } catch (\Exception $e) { + } else { if (null !== $this->logger) { - $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage())); + $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine())); } - $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e)); + try { + if (null !== $this->accessDeniedHandler) { + $response = $this->accessDeniedHandler->handle($request, $exception); - return; + if (!$response instanceof Response) { + return; + } + + break; + } + + if (null !== $this->errorPage) { + $subRequest = $this->httpUtils->createRequest($request, $this->errorPage); + $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception); + + $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true); + + break; + } + + return; + + } catch (\Exception $e) { + if (null !== $this->logger) { + $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage())); + } + + $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e)); + + return; + } + } + } + + if ($exception instanceof LogoutException) { + if (null !== $this->logger) { + $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); } + + return; } - } elseif ($exception instanceof LogoutException) { - if (null !== $this->logger) { - $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage())); + + if (null === $exception->getPrevious()) { + return; } - return; - } else { - return; + $exception = $exception->getPrevious(); } $event->setResponse($response); |