summaryrefslogtreecommitdiffstats
path: root/Http/Firewall
diff options
context:
space:
mode:
Diffstat (limited to 'Http/Firewall')
-rw-r--r--Http/Firewall/AbstractAuthenticationListener.php5
-rw-r--r--Http/Firewall/AnonymousAuthenticationListener.php23
-rw-r--r--Http/Firewall/ContextListener.php2
-rw-r--r--Http/Firewall/ExceptionListener.php3
-rw-r--r--Http/Firewall/RememberMeListener.php9
-rw-r--r--Http/Firewall/RemoteUserAuthenticationListener.php49
-rw-r--r--Http/Firewall/SimpleFormAuthenticationListener.php3
-rw-r--r--Http/Firewall/UsernamePasswordFormAuthenticationListener.php3
8 files changed, 86 insertions, 11 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index a67d61c..d89785e 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -15,6 +15,7 @@ use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterfa
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
+use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
@@ -218,8 +219,8 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
$this->securityContext->setToken($token);
$session = $request->getSession();
- $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
- $session->remove(SecurityContextInterface::LAST_USERNAME);
+ $session->remove(Security::AUTHENTICATION_ERROR);
+ $session->remove(Security::LAST_USERNAME);
if (null !== $this->dispatcher) {
$loginEvent = new InteractiveLoginEvent($request, $token);
diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php
index 446dfec..68f8987 100644
--- a/Http/Firewall/AnonymousAuthenticationListener.php
+++ b/Http/Firewall/AnonymousAuthenticationListener.php
@@ -11,6 +11,8 @@
namespace Symfony\Component\Security\Http\Firewall;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
@@ -26,12 +28,14 @@ class AnonymousAuthenticationListener implements ListenerInterface
{
private $context;
private $key;
+ private $authenticationManager;
private $logger;
- public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null)
+ public function __construct(SecurityContextInterface $context, $key, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)
{
$this->context = $context;
$this->key = $key;
+ $this->authenticationManager = $authenticationManager;
$this->logger = $logger;
}
@@ -46,10 +50,21 @@ class AnonymousAuthenticationListener implements ListenerInterface
return;
}
- $this->context->setToken(new AnonymousToken($this->key, 'anon.', array()));
+ try {
+ $token = new AnonymousToken($this->key, 'anon.', array());
+ if (null !== $this->authenticationManager) {
+ $token = $this->authenticationManager->authenticate($token);
+ }
- if (null !== $this->logger) {
- $this->logger->info('Populated SecurityContext with an anonymous Token');
+ $this->context->setToken($token);
+
+ if (null !== $this->logger) {
+ $this->logger->info('Populated SecurityContext with an anonymous Token');
+ }
+ } catch (AuthenticationException $failed) {
+ if (null !== $this->logger) {
+ $this->logger->info(sprintf('Anonymous authentication failed: %s', $failed->getMessage()));
+ }
}
}
}
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index 435c440..e61907e 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -142,7 +142,7 @@ class ContextListener implements ListenerInterface
*
* @throws \RuntimeException
*/
- private function refreshUser(TokenInterface $token)
+ protected function refreshUser(TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index d0b167e..e224ea3 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Http\Firewall;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
+use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
@@ -146,7 +147,7 @@ class ExceptionListener
}
} elseif (null !== $this->errorPage) {
$subRequest = $this->httpUtils->createRequest($event->getRequest(), $this->errorPage);
- $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
+ $subRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);
$event->setResponse($event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true));
}
diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php
index 6ca3842..44000d3 100644
--- a/Http/Firewall/RememberMeListener.php
+++ b/Http/Firewall/RememberMeListener.php
@@ -33,6 +33,7 @@ class RememberMeListener implements ListenerInterface
private $authenticationManager;
private $logger;
private $dispatcher;
+ private $catchExceptions = true;
/**
* Constructor.
@@ -42,14 +43,16 @@ class RememberMeListener implements ListenerInterface
* @param AuthenticationManagerInterface $authenticationManager
* @param LoggerInterface $logger
* @param EventDispatcherInterface $dispatcher
+ * @param bool $catchExceptions
*/
- public function __construct(SecurityContextInterface $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+ public function __construct(SecurityContextInterface $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, $catchExceptions = true)
{
$this->securityContext = $securityContext;
$this->rememberMeServices = $rememberMeServices;
$this->authenticationManager = $authenticationManager;
$this->logger = $logger;
$this->dispatcher = $dispatcher;
+ $this->catchExceptions = $catchExceptions;
}
/**
@@ -90,6 +93,10 @@ class RememberMeListener implements ListenerInterface
}
$this->rememberMeServices->loginFail($request);
+
+ if (!$this->catchExceptions) {
+ throw $failed;
+ }
}
}
}
diff --git a/Http/Firewall/RemoteUserAuthenticationListener.php b/Http/Firewall/RemoteUserAuthenticationListener.php
new file mode 100644
index 0000000..f190a17
--- /dev/null
+++ b/Http/Firewall/RemoteUserAuthenticationListener.php
@@ -0,0 +1,49 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Firewall;
+
+use Symfony\Component\Security\Core\SecurityContextInterface;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+
+/**
+ * REMOTE_USER authentication listener.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Maxime Douailin <maxime.douailin@gmail.com>
+ */
+class RemoteUserAuthenticationListener extends AbstractPreAuthenticatedListener
+{
+ private $userKey;
+
+ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, $providerKey, $userKey = 'REMOTE_USER', LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
+ {
+ parent::__construct($securityContext, $authenticationManager, $providerKey, $logger, $dispatcher);
+
+ $this->userKey = $userKey;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getPreAuthenticatedData(Request $request)
+ {
+ if (!$request->server->has($this->userKey)) {
+ throw new BadCredentialsException(sprintf('User key was not found: %s', $this->userKey));
+ }
+
+ return array($request->server->get($this->userKey), null);
+ }
+}
diff --git a/Http/Firewall/SimpleFormAuthenticationListener.php b/Http/Firewall/SimpleFormAuthenticationListener.php
index 20ce4f2..103dc50 100644
--- a/Http/Firewall/SimpleFormAuthenticationListener.php
+++ b/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -23,6 +23,7 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerI
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
+use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
@@ -114,7 +115,7 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener
$password = $request->get($this->options['password_parameter'], null, true);
}
- $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
+ $request->getSession()->set(Security::LAST_USERNAME, $username);
$token = $this->simpleAuthenticator->createToken($request, $username, $password, $this->providerKey);
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 36ff758..b857fb3 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -25,6 +25,7 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterfac
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -93,7 +94,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
$password = $request->get($this->options['password_parameter'], null, true);
}
- $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
+ $request->getSession()->set(Security::LAST_USERNAME, $username);
return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
}
generated by cgit v1.1 at 2025-05-12 04:31:04 +0000