Diffstat (limited to 'Http/Firewall')
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 4 | ||||
-rw-r--r-- | Http/Firewall/AbstractPreAuthenticatedListener.php | 14 | ||||
-rw-r--r-- | Http/Firewall/AnonymousAuthenticationListener.php | 4 | ||||
-rw-r--r-- | Http/Firewall/BasicAuthenticationListener.php | 4 | ||||
-rw-r--r-- | Http/Firewall/ChannelListener.php | 6 | ||||
-rw-r--r-- | Http/Firewall/ContextListener.php | 30 | ||||
-rw-r--r-- | Http/Firewall/DigestAuthenticationListener.php | 10 | ||||
-rw-r--r-- | Http/Firewall/ExceptionListener.php | 16 | ||||
-rw-r--r-- | Http/Firewall/RememberMeListener.php | 6 | ||||
-rw-r--r-- | Http/Firewall/SimplePreAuthenticationListener.php | 4 | ||||
-rw-r--r-- | Http/Firewall/SwitchUserListener.php | 2 |
11 files changed, 51 insertions, 49 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index d96df70..09a4f55 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -193,7 +193,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 private function onFailure(Request $request, AuthenticationException $failed)
 {
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication request failed: %s', $failed->getMessage()));
+ $this->logger->info('Authentication request failed.', array('exception' => $failed));
 }
 $token = $this->tokenStorage->getToken();
@@ -213,7 +213,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 private function onSuccess(Request $request, TokenInterface $token)
 {
 if (null !== $this->logger) {
- $this->logger->info(sprintf('User "%s" has been authenticated successfully', $token->getUsername()));
+ $this->logger->info('User has been authenticated successfully.', array('username' => $token->getUsername()));
 }
 $this->tokenStorage->setToken($token);
diff --git a/Http/Firewall/AbstractPreAuthenticatedListener.php b/Http/Firewall/AbstractPreAuthenticatedListener.php
index e1b9f1a..5ed8aa7 100644
--- a/Http/Firewall/AbstractPreAuthenticatedListener.php
+++ b/Http/Firewall/AbstractPreAuthenticatedListener.php
@@ -56,10 +56,6 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 {
 $request = $event->getRequest();
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Checking secure context token: %s', $this->tokenStorage->getToken()));
- }
-
 try {
 list($user, $credentials) = $this->getPreAuthenticatedData($request);
 } catch (BadCredentialsException $exception) {
@@ -68,6 +64,10 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 return;
 }
+ if (null !== $this->logger) {
+ $this->logger->debug('Checking current security token.', array('token' => (string) $this->tokenStorage->getToken()));
+ }
+
 if (null !== $token = $this->tokenStorage->getToken()) {
 if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getProviderKey() && $token->isAuthenticated() && $token->getUsername() === $user) {
 return;
@@ -75,14 +75,14 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Trying to pre-authenticate user "%s"', $user));
+ $this->logger->debug('Trying to pre-authenticate user.', array('username' => (string) $user));
 }
 try {
 $token = $this->authenticationManager->authenticate(new PreAuthenticatedToken($user, $credentials, $this->providerKey));
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication success: %s', $token));
+ $this->logger->info('Pre-authentication successful.', array('token' => (string) $token));
 }
 $this->tokenStorage->setToken($token);
@@ -107,7 +107,7 @@ abstract class AbstractPreAuthenticatedListener implements ListenerInterface
 $this->tokenStorage->setToken(null);
 if (null !== $this->logger) {
- $this->logger->info(sprintf("Cleared security context due to exception: %s", $exception->getMessage()));
+ $this->logger->info('Cleared security token due to an exception.', array('exception' => $exception));
 }
 }
 }
diff --git a/Http/Firewall/AnonymousAuthenticationListener.php b/Http/Firewall/AnonymousAuthenticationListener.php
index b5d807c..f7feee8 100644
--- a/Http/Firewall/AnonymousAuthenticationListener.php
+++ b/Http/Firewall/AnonymousAuthenticationListener.php
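Review bot: In the `@@ -68,6 +64,10` hunk of AbstractPreAuthenticatedListener, the early-return check compares the firewall key loosely (`$this->providerKey == $token->getProviderKey()`) while the username test on the same line uses `===`. This condition decides whether re-authentication is skipped, and a loose comparison can treat distinct numeric-looking strings as equal; provided both sides are always strings, I would write `$this->providerKey === $token->getProviderKey()`. The added debug call also fetches the token a second time only for logging, so reading it once before the log call would avoid the duplicate lookup. The enclosing method starts and ends outside the hunk.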
@@ -59,11 +59,11 @@ class AnonymousAuthenticationListener implements ListenerInterface
 $this->tokenStorage->setToken($token);
 if (null !== $this->logger) {
- $this->logger->info('Populated TokenStorage with an anonymous Token');
+ $this->logger->info('Populated the TokenStorage with an anonymous Token.');
 }
 } catch (AuthenticationException $failed) {
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Anonymous authentication failed: %s', $failed->getMessage()));
+ $this->logger->info('Anonymous authentication failed.', array('exception' => $failed));
 }
 }
 }
diff --git a/Http/Firewall/BasicAuthenticationListener.php b/Http/Firewall/BasicAuthenticationListener.php
index 7d89eee..11ae8f9 100644
--- a/Http/Firewall/BasicAuthenticationListener.php
+++ b/Http/Firewall/BasicAuthenticationListener.php
@@ -67,7 +67,7 @@ class BasicAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Basic Authentication Authorization header found for user "%s"', $username));
+ $this->logger->info('Basic authentication Authorization header found for user.', array('username' => $username));
 }
 try {
@@ -80,7 +80,7 @@ class BasicAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication request failed for user "%s": %s', $username, $failed->getMessage()));
+ $this->logger->info('Basic authentication failed for user.', array('username' => $username, 'exception' => $failed));
 }
 if ($this->ignoreFailure) {
diff --git a/Http/Firewall/ChannelListener.php b/Http/Firewall/ChannelListener.php
index 9e4a6ee..637a7f5 100644
--- a/Http/Firewall/ChannelListener.php
+++ b/Http/Firewall/ChannelListener.php
@@ -44,11 +44,11 @@ class ChannelListener implements ListenerInterface
 {
 $request = $event->getRequest();
- list($attributes, $channel) = $this->map->getPatterns($request);
+ list(, $channel) = $this->map->getPatterns($request);
 if ('https' === $channel && !$request->isSecure()) {
 if (null !== $this->logger) {
- $this->logger->info('Redirecting to HTTPS');
+ $this->logger->info('Redirecting to HTTPS.');
 }
 $response = $this->authenticationEntryPoint->start($request);
@@ -60,7 +60,7 @@ class ChannelListener implements ListenerInterface
 if ('http' === $channel && $request->isSecure()) {
 if (null !== $this->logger) {
- $this->logger->info('Redirecting to HTTP');
+ $this->logger->info('Redirecting to HTTP.');
 }
 $response = $this->authenticationEntryPoint->start($request);
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index 7439f8d..8df0d34 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -34,6 +34,7 @@ class ContextListener implements ListenerInterface
 {
 private $tokenStorage;
 private $contextKey;
+ private $sessionKey;
 private $logger;
 private $userProviders;
 private $dispatcher;
@@ -54,12 +55,13 @@ class ContextListener implements ListenerInterface
 $this->tokenStorage = $tokenStorage;
 $this->userProviders = $userProviders;
 $this->contextKey = $contextKey;
+ $this->sessionKey = '_security_'.$contextKey;
 $this->logger = $logger;
 $this->dispatcher = $dispatcher;
 }
 /**
- * Reads the SecurityContext from the session.
+ * Reads the Security Token from the session.
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
 */
@@ -73,7 +75,7 @@ class ContextListener implements ListenerInterface
 $request = $event->getRequest();
 $session = $request->hasPreviousSession() ? $request->getSession() : null;
- if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
+ if (null === $session || null === $token = $session->get($this->sessionKey)) {
 $this->tokenStorage->setToken(null);
 return;
@@ -82,14 +84,14 @@ class ContextListener implements ListenerInterface
 $token = unserialize($token);
 if (null !== $this->logger) {
- $this->logger->debug('Read SecurityContext from the session');
+ $this->logger->debug('Read existing security token from the session.', array('key' => $this->sessionKey));
 }
 if ($token instanceof TokenInterface) {
 $token = $this->refreshUser($token);
 } elseif (null !== $token) {
 if (null !== $this->logger) {
- $this->logger->warning(sprintf('Session includes a "%s" where a security token is expected', is_object($token) ? get_class($token) : gettype($token)));
+ $this->logger->warning('Expected a security token from the session, got something else.', array('key' => $this->sessionKey, 'received' => $token));
 }
 $token = null;
@@ -113,10 +115,6 @@ class ContextListener implements ListenerInterface
 return;
 }
- if (null !== $this->logger) {
- $this->logger->debug('Write SecurityContext in the session');
- }
-
 $request = $event->getRequest();
 $session = $request->getSession();
@@ -126,10 +124,14 @@ class ContextListener implements ListenerInterface
 if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
 if ($request->hasPreviousSession()) {
- $session->remove('_security_'.$this->contextKey);
+ $session->remove($this->sessionKey);
 }
 } else {
- $session->set('_security_'.$this->contextKey, serialize($token));
+ $session->set($this->sessionKey, serialize($token));
+
+ if (null !== $this->logger) {
+ $this->logger->debug('Stored the security token in the session.', array('key' => $this->sessionKey));
+ }
 }
 }
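Review bot: In the `@@ -82,14 +84,14` hunk of ContextListener, the new warning puts the unserialized session value itself into the log context (`'received' => $token`), where the old message recorded only its class or type. Whatever object or array the session held under that key is then handed to the log handlers, which can expose session contents to anyone who can read the logs and can produce very large records. The type is enough to diagnose the mismatch: `'received' => is_object($token) ? get_class($token) : gettype($token)`. The method body continues outside the hunk.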
@@ -149,17 +151,13 @@ class ContextListener implements ListenerInterface
 return $token;
 }
- if (null !== $this->logger) {
- $this->logger->debug(sprintf('Reloading user from user provider.'));
- }
-
 foreach ($this->userProviders as $provider) {
 try {
 $refreshedUser = $provider->refreshUser($user);
 $token->setUser($refreshedUser);
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Username "%s" was reloaded from user provider.', $refreshedUser->getUsername()));
+ $this->logger->debug('User was reloaded from a user provider.', array('username' => $refreshedUser->getUsername(), 'provider' => get_class($provider)));
 }
 return $token;
@@ -167,7 +165,7 @@ class ContextListener implements ListenerInterface
 // let's try the next user provider
 } catch (UsernameNotFoundException $notFound) {
 if (null !== $this->logger) {
- $this->logger->warning(sprintf('Username "%s" could not be found.', $notFound->getUsername()));
+ $this->logger->warning('Username could not be found in the selected user provider.', array('username' => $notFound->getUsername(), 'provider' => get_class($provider)));
 }
 return;
diff --git a/Http/Firewall/DigestAuthenticationListener.php b/Http/Firewall/DigestAuthenticationListener.php
index 5095292..e459152 100644
--- a/Http/Firewall/DigestAuthenticationListener.php
+++ b/Http/Firewall/DigestAuthenticationListener.php
@@ -74,7 +74,7 @@ class DigestAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Digest Authorization header received from user agent: %s', $header));
+ $this->logger->debug('Digest Authorization header received from user agent.', array('header' => $header));
 }
 try {
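Review bot: The debug call in DigestAuthenticationListener's `@@ -74,7 +74,7` hunk still records the complete Digest `Authorization` header (`'header' => $header`), and the `@@ -101,7` and `@@ -116,7` hunks likewise record the expected server digest and the client's response, the latter at info level on every successful login. These values are derived from the user's password and stay sensitive for as long as the nonce is accepted, so they should not reach logs that operators or log pipelines can read. I would drop `header`, `expected` and `received` from the three context arrays and keep only the username where one is available, e.g. `array('username' => $digestAuth->getUsername())` on success. The enclosing method starts before and ends after these hunks.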
@@ -89,7 +89,7 @@ class DigestAuthenticationListener implements ListenerInterface
 $user = $this->provider->loadUserByUsername($digestAuth->getUsername());
 if (null === $user) {
- throw new AuthenticationServiceException('AuthenticationDao returned null, which is an interface contract violation');
+ throw new AuthenticationServiceException('Digest User provider returned null, which is an interface contract violation');
 }
 $serverDigestMd5 = $digestAuth->calculateServerDigest($user->getPassword(), $request->getMethod());
@@ -101,7 +101,7 @@ class DigestAuthenticationListener implements ListenerInterface
 if ($serverDigestMd5 !== $digestAuth->getResponse()) {
 if (null !== $this->logger) {
- $this->logger->debug(sprintf("Expected response: '%s' but received: '%s'; is AuthenticationDao returning clear text passwords?", $serverDigestMd5, $digestAuth->getResponse()));
+ $this->logger->debug("Unexpected response from the DigestAuth received; is the header returning a clear text passwords?", array('expected' => $serverDigestMd5, 'received' => $digestAuth->getResponse()));
 }
 $this->fail($event, $request, new BadCredentialsException('Incorrect response'));
@@ -116,7 +116,7 @@ class DigestAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication success for user "%s" with response "%s"', $digestAuth->getUsername(), $digestAuth->getResponse()));
+ $this->logger->info('Digest authentication successful.', array('username' => $digestAuth->getUsername(), 'received' => $digestAuth->getResponse()));
 }
 $this->tokenStorage->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey));
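Review bot: The reworded debug message in the `@@ -101,7 +101,7` hunk asks "is the header returning a clear text passwords?", which no longer matches the condition it reports. The server digest is computed from `$user->getPassword()`, so the question is about what the user provider returns, as the old text said of the AuthenticationDao; suggested wording: `"Unexpected response from the DigestAuth received; is the user provider returning clear text passwords?"`. Separately, the comparison `$serverDigestMd5 !== $digestAuth->getResponse()` on the context line above is not constant-time. A timing-safe comparison such as `hash_equals()`, where the supported PHP version provides it, is the usual choice for comparing digests.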
@@ -130,7 +130,7 @@ class DigestAuthenticationListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->info($authException);
+ $this->logger->info('Digest authentication failed.', array('exception' => $authException));
 }
 $event->setResponse($this->authenticationEntryPoint->start($request, $authException));
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index c6a3ea3..7001532 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -102,7 +102,7 @@ class ExceptionListener
 private function handleAuthenticationException(GetResponseForExceptionEvent $event, AuthenticationException $exception)
 {
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
+ $this->logger->info('An AuthenticationException was thrown; redirecting to authentication entry point.', array('exception' => $exception));
 }
 try {
@@ -119,7 +119,7 @@ class ExceptionListener
 $token = $this->tokenStorage->getToken();
 if (!$this->authenticationTrustResolver->isFullFledged($token)) {
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
+ $this->logger->debug('Access denied, the user is not fully authenticated; redirecting to authentication entry point.', array('exception' => $exception));
 }
 try {
@@ -135,7 +135,7 @@ class ExceptionListener
 }
 if (null !== $this->logger) {
- $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
+ $this->logger->debug('Access denied, the user is neither anonymous, nor remember-me.', array('exception' => $exception));
 }
 try {
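Review bot: In ExceptionListener's `@@ -119,7 +119,7` and `@@ -135,7 +135,7` hunks, both access-denied branches are still logged with `$this->logger->debug(...)`. A denial for a fully authenticated user is a security event that monitoring usually wants to see, and production log handlers commonly discard debug records. Consider raising at least the `@@ -135,7` case to `$this->logger->info(...)`, matching the level used for authentication failures elsewhere in this commit; whether that is too noisy depends on the application. The surrounding method begins and ends outside these hunks.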
@@ -153,7 +153,7 @@ class ExceptionListener
 }
 } catch (\Exception $e) {
 if (null !== $this->logger) {
- $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
+ $this->logger->error('An exception was thrown when handling an AccessDeniedException.', array('exception' => $e));
 }
 $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));
@@ -163,7 +163,7 @@ class ExceptionListener
 private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception)
 {
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+ $this->logger->info('A LogoutException was thrown.', array('exception' => $exception));
 }
 }
@@ -182,7 +182,7 @@ class ExceptionListener
 }
 if (null !== $this->logger) {
- $this->logger->debug('Calling Authentication entry point');
+ $this->logger->debug('Calling Authentication entry point.');
 }
 $this->setTargetPath($request);
@@ -190,6 +190,10 @@ class ExceptionListener
 if ($authException instanceof AccountStatusException) {
 // remove the security token to prevent infinite redirect loops
 $this->tokenStorage->setToken(null);
+
+ if (null !== $this->logger) {
+ $this->logger->info('The security token was removed due to an AccountStatusException.', array('exception' => $authException));
+ }
 }
 return $this->authenticationEntryPoint->start($request, $authException);
diff --git a/Http/Firewall/RememberMeListener.php b/Http/Firewall/RememberMeListener.php
index 828550e..e34627c 100644
--- a/Http/Firewall/RememberMeListener.php
+++ b/Http/Firewall/RememberMeListener.php
@@ -81,14 +81,14 @@ class RememberMeListener implements ListenerInterface
 }
 if (null !== $this->logger) {
- $this->logger->debug('Token storage populated with remember-me token.');
+ $this->logger->debug('Populated the token storage with a remember-me token.');
 }
 } catch (AuthenticationException $failed) {
 if (null !== $this->logger) {
 $this->logger->warning(
- 'Token storage not populated with remember-me token as the'
+ 'The token storage was not populated with remember-me token as the'
 .' AuthenticationManager rejected the AuthenticationToken returned'
- .' by the RememberMeServices: '.$failed->getMessage()
+ .' by the RememberMeServices.', array('exception' => $failed)
 );
 }
diff --git a/Http/Firewall/SimplePreAuthenticationListener.php b/Http/Firewall/SimplePreAuthenticationListener.php
index afd2a17..8f1f6fd 100644
--- a/Http/Firewall/SimplePreAuthenticationListener.php
+++ b/Http/Firewall/SimplePreAuthenticationListener.php
@@ -73,7 +73,7 @@ class SimplePreAuthenticationListener implements ListenerInterface
 $request = $event->getRequest();
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Attempting simple pre-authorization %s', $this->providerKey));
+ $this->logger->info('Attempting SimplePreAuthentication.', array('key' => $this->providerKey, 'authenticator' => get_class($this->simpleAuthenticator)));
 }
 if (null !== $this->tokenStorage->getToken() && !$this->tokenStorage->getToken() instanceof AnonymousToken) {
@@ -99,7 +99,7 @@ class SimplePreAuthenticationListener implements ListenerInterface
 $this->tokenStorage->setToken(null);
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Authentication request failed: %s', $e->getMessage()));
+ $this->logger->info('SimplePreAuthentication request failed.', array('exception' => $e, 'authenticator' => get_class($this->simpleAuthenticator)));
 }
 if ($this->simpleAuthenticator instanceof AuthenticationFailureHandlerInterface) {
diff --git a/Http/Firewall/SwitchUserListener.php b/Http/Firewall/SwitchUserListener.php
index 9ec9647..5fc56e7 100644
--- a/Http/Firewall/SwitchUserListener.php
+++ b/Http/Firewall/SwitchUserListener.php
@@ -127,7 +127,7 @@ class SwitchUserListener implements ListenerInterface
 $username = $request->get($this->usernameParameter);
 if (null !== $this->logger) {
- $this->logger->info(sprintf('Attempt to switch to user "%s"', $username));
+ $this->logger->info('Attempting to switch to user.', array('username' => $username));
 }
 $user = $this->provider->loadUserByUsername($username); |
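Review bot: The switch-user log entry records only the requested target (`'username' => $username`), not the account making the request. For an impersonation feature the acting user is the field an audit trail needs most, and without it this record cannot be attributed on its own. If the current token is reachable here, as it is in the other listeners touched by this commit, I would add its username to the context under a separate key such as `'impersonator'`. The enclosing method starts and ends outside the hunk, so that availability needs checking against the full file.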