vendor/symfony/security-http/Firewall/AccessListener.php line 106

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpKernel\Event\RequestEvent;
  13. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  17. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  18. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  19. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  20. use Symfony\Component\Security\Http\AccessMapInterface;
  21. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  22. /**
  23.  * AccessListener enforces access control rules.
  24.  *
  25.  * @author Fabien Potencier <fabien@symfony.com>
  26.  *
  27.  * @final
  28.  */
  29. class AccessListener extends AbstractListener
  30. {
  31.     private $tokenStorage;
  32.     private $accessDecisionManager;
  33.     private $map;
  34.     private $authManager;
  35.     private $exceptionOnNoToken;
  36.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapAuthenticationManagerInterface $authManagerbool $exceptionOnNoToken true)
  37.     {
  38.         $this->tokenStorage $tokenStorage;
  39.         $this->accessDecisionManager $accessDecisionManager;
  40.         $this->map $map;
  41.         $this->authManager $authManager;
  42.         $this->exceptionOnNoToken $exceptionOnNoToken;
  43.     }
  44.     /**
  45.      * {@inheritdoc}
  46.      */
  47.     public function supports(Request $request): ?bool
  48.     {
  49.         [$attributes] = $this->map->getPatterns($request);
  50.         $request->attributes->set('_access_control_attributes'$attributes);
  51.         return $attributes && ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes) ? true null;
  52.     }
  53.     /**
  54.      * Handles access authorization.
  55.      *
  56.      * @throws AccessDeniedException
  57.      * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
  58.      */
  59.     public function authenticate(RequestEvent $event)
  60.     {
  61.         if (!$event instanceof LazyResponseEvent && null === ($token $this->tokenStorage->getToken()) && $this->exceptionOnNoToken) {
  62.             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  63.         }
  64.         $request $event->getRequest();
  65.         $attributes $request->attributes->get('_access_control_attributes');
  66.         $request->attributes->remove('_access_control_attributes');
  67.         if (
  68.             !$attributes
  69.             || (
  70.                 ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes)
  71.                 && $event instanceof LazyResponseEvent
  72.             )
  73.         ) {
  74.             return;
  75.         }
  76.         if ($event instanceof LazyResponseEvent) {
  77.             $token $this->tokenStorage->getToken();
  78.         }
  79.         if (null === $token) {
  80.             if ($this->exceptionOnNoToken) {
  81.                 throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  82.             }
  83.             $token = new NullToken();
  84.         }
  85.         if (!$token->isAuthenticated()) {
  86.             $token $this->authManager->authenticate($token);
  87.             $this->tokenStorage->setToken($token);
  88.         }
  89.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  90.             throw $this->createAccessDeniedException($request$attributes);
  91.         }
  92.     }
  93.     private function createAccessDeniedException(Request $request, array $attributes)
  94.     {
  95.         $exception = new AccessDeniedException();
  96.         $exception->setAttributes($attributes);
  97.         $exception->setSubject($request);
  98.         return $exception;
  99.     }
  100.     public static function getPriority(): int
  101.     {
  102.         return -255;
  103.     }
  104. }