vendor/symfony/security-http/Firewall/AccessListener.php line 42

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  18. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  19. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  20. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  21. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  23. use Symfony\Component\Security\Http\AccessMapInterface;
  24. use Symfony\Component\Security\Http\Authentication\NoopAuthenticationManager;
  25. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  27. /**
  28. * AccessListener enforces access control rules.
  29. *
  30. * @author Fabien Potencier <fabien@symfony.com>
  31. *
  32. * @final
  33. */
  34. class AccessListener extends AbstractListener
  35. {
  36. private $tokenStorage;
  37. private $accessDecisionManager;
  38. private $map;
  39. private $authManager;
  40. private $exceptionOnNoToken;
  42. public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, /* bool */ $exceptionOnNoToken = true)
  43. {
  44. if ($exceptionOnNoToken instanceof AuthenticationManagerInterface) {
  45. trigger_deprecation('symfony/security-http', '5.4', 'The $authManager argument of "%s" is deprecated.', __METHOD__);
  46. $authManager = $exceptionOnNoToken;
  47. $exceptionOnNoToken = \func_num_args() > 4 ? func_get_arg(4) : true;
  48. }
  50. if (false !== $exceptionOnNoToken) {
  51. trigger_deprecation('symfony/security-http', '5.4', 'Not setting the $exceptionOnNoToken argument of "%s" to "false" is deprecated.', __METHOD__);
  52. }
  54. $this->tokenStorage = $tokenStorage;
  55. $this->accessDecisionManager = $accessDecisionManager;
  56. $this->map = $map;
  57. $this->authManager = $authManager ?? (class_exists(AuthenticationManagerInterface::class) ? new NoopAuthenticationManager() : null);
  58. $this->exceptionOnNoToken = $exceptionOnNoToken;
  59. }
  61. /**
  62. * {@inheritdoc}
  63. */
  64. public function supports(Request $request): ?bool
  65. {
  66. [$attributes] = $this->map->getPatterns($request);
  67. $request->attributes->set('_access_control_attributes', $attributes);
  69. if ($attributes && (
  70. (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes : true)
  71. && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes
  72. )) {
  73. return true;
  74. }
  76. return null;
  77. }
  79. /**
  80. * Handles access authorization.
  81. *
  82. * @throws AccessDeniedException
  83. * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
  84. */
  85. public function authenticate(RequestEvent $event)
  86. {
  87. if (!$event instanceof LazyResponseEvent && null === ($token = $this->tokenStorage->getToken()) && $this->exceptionOnNoToken) {
  88. throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  89. }
  91. $request = $event->getRequest();
  93. $attributes = $request->attributes->get('_access_control_attributes');
  94. $request->attributes->remove('_access_control_attributes');
  96. if (!$attributes || ((
  97. (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes : false)
  98. || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes
  99. ) && $event instanceof LazyResponseEvent)) {
  100. return;
  101. }
  103. if ($event instanceof LazyResponseEvent) {
  104. $token = $this->tokenStorage->getToken();
  105. }
  107. if (null === $token) {
  108. if ($this->exceptionOnNoToken) {
  109. throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  110. }
  112. $token = new NullToken();
  113. }
  115. // @deprecated since Symfony 5.4
  116. if (method_exists($token, 'isAuthenticated') && !$token->isAuthenticated(false)) {
  117. trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s::isAuthenticated()" is deprecated, return null from "getUser()" instead.', get_debug_type($token));
  119. if ($this->authManager) {
  120. $token = $this->authManager->authenticate($token);
  121. $this->tokenStorage->setToken($token);
  122. }
  123. }
  125. if (!$this->accessDecisionManager->decide($token, $attributes, $request, true)) {
  126. throw $this->createAccessDeniedException($request, $attributes);
  127. }
  128. }
  130. private function createAccessDeniedException(Request $request, array $attributes)
  131. {
  132. $exception = new AccessDeniedException();
  133. $exception->setAttributes($attributes);
  134. $exception->setSubject($request);
  136. return $exception;
  137. }
  139. public static function getPriority(): int
  140. {
  141. return -255;
  142. }
  143. }