vendor/symfony/security-http/Firewall/AccessListener.php line 113

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  18. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  19. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  20. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  21. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  22. use Symfony\Component\Security\Http\AccessMapInterface;
  23. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  25. /**
  26.  * AccessListener enforces access control rules.
  27.  *
  28.  * @author Fabien Potencier <fabien@symfony.com>
  29.  *
  30.  * @final
  31.  */
  32. class AccessListener extends AbstractListener
  33. {
  34.     const PUBLIC_ACCESS 'PUBLIC_ACCESS';
  36.     private $tokenStorage;
  37.     private $accessDecisionManager;
  38.     private $map;
  39.     private $authManager;
  40.     private $exceptionOnNoToken;
  42.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapAuthenticationManagerInterface $authManagerbool $exceptionOnNoToken true)
  43.     {
  44.         $this->tokenStorage $tokenStorage;
  45.         $this->accessDecisionManager $accessDecisionManager;
  46.         $this->map $map;
  47.         $this->authManager $authManager;
  48.         $this->exceptionOnNoToken $exceptionOnNoToken;
  49.     }
  51.     /**
  52.      * {@inheritdoc}
  53.      */
  54.     public function supports(Request $request): ?bool
  55.     {
  56.         [$attributes] = $this->map->getPatterns($request);
  57.         $request->attributes->set('_access_control_attributes'$attributes);
  59.         return $attributes && ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes && [self::PUBLIC_ACCESS] !== $attributes) ? true null;
  60.     }
  62.     /**
  63.      * Handles access authorization.
  64.      *
  65.      * @throws AccessDeniedException
  66.      * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
  67.      */
  68.     public function authenticate(RequestEvent $event)
  69.     {
  70.         if (!$event instanceof LazyResponseEvent && null === ($token $this->tokenStorage->getToken()) && $this->exceptionOnNoToken) {
  71.             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  72.         }
  74.         $request $event->getRequest();
  76.         $attributes $request->attributes->get('_access_control_attributes');
  77.         $request->attributes->remove('_access_control_attributes');
  79.         if (!$attributes || ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes && $event instanceof LazyResponseEvent)) {
  80.             return;
  81.         }
  83.         if ($event instanceof LazyResponseEvent) {
  84.             $token $this->tokenStorage->getToken();
  85.         }
  87.         if (null === $token) {
  88.             if ($this->exceptionOnNoToken) {
  89.                 throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  90.             }
  92.             if ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes) {
  93.                 trigger_deprecation('symfony/security-http''5.1''Using "IS_AUTHENTICATED_ANONYMOUSLY" in your access_control rules when using the authenticator Security system is deprecated, use "PUBLIC_ACCESS" instead.');
  95.                 return;
  96.             }
  98.             if ([self::PUBLIC_ACCESS] !== $attributes) {
  99.                 throw $this->createAccessDeniedException($request$attributes);
  100.             }
  101.         }
  103.         if ([self::PUBLIC_ACCESS] === $attributes) {
  104.             return;
  105.         }
  107.         if (!$token->isAuthenticated()) {
  108.             $token $this->authManager->authenticate($token);
  109.             $this->tokenStorage->setToken($token);
  110.         }
  112.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  113.             throw $this->createAccessDeniedException($request$attributes);
  114.         }
  115.     }
  117.     private function createAccessDeniedException(Request $request, array $attributes)
  118.     {
  119.         $exception = new AccessDeniedException();
  120.         $exception->setAttributes($attributes);
  121.         $exception->setSubject($request);
  123.         return $exception;
  124.     }
  125. }