vendor/symfony/security-http/Firewall/AccessListener.php line 85

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  18. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  19. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  20. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  21. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  23. use Symfony\Component\Security\Http\AccessMapInterface;
  24. use Symfony\Component\Security\Http\Authentication\NoopAuthenticationManager;
  25. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  27. /**
  28.  * AccessListener enforces access control rules.
  29.  *
  30.  * @author Fabien Potencier <fabien@symfony.com>
  31.  *
  32.  * @final
  33.  */
  34. class AccessListener extends AbstractListener
  35. {
  36.     private $tokenStorage;
  37.     private $accessDecisionManager;
  38.     private $map;
  39.     private $authManager;
  40.     private $exceptionOnNoToken;
  42.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $map/* bool */ $exceptionOnNoToken true)
  43.     {
  44.         if ($exceptionOnNoToken instanceof AuthenticationManagerInterface) {
  45.             trigger_deprecation('symfony/security-http''5.4''The $authManager argument of "%s" is deprecated.'__METHOD__);
  46.             $authManager $exceptionOnNoToken;
  47.             $exceptionOnNoToken \func_num_args() > func_get_arg(4) : true;
  48.         }
  50.         if (false !== $exceptionOnNoToken) {
  51.             trigger_deprecation('symfony/security-http''5.4''Not setting the $exceptionOnNoToken argument of "%s" to "false" is deprecated.'__METHOD__);
  52.         }
  54.         $this->tokenStorage $tokenStorage;
  55.         $this->accessDecisionManager $accessDecisionManager;
  56.         $this->map $map;
  57.         $this->authManager $authManager ?? (class_exists(AuthenticationManagerInterface::class) ? new NoopAuthenticationManager() : null);
  58.         $this->exceptionOnNoToken $exceptionOnNoToken;
  59.     }
  61.     /**
  62.      * {@inheritdoc}
  63.      */
  64.     public function supports(Request $request): ?bool
  65.     {
  66.         [$attributes] = $this->map->getPatterns($request);
  67.         $request->attributes->set('_access_control_attributes'$attributes);
  69.         if ($attributes && (
  70.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes true)
  71.             && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes
  72.         )) {
  73.             return true;
  74.         }
  76.         return null;
  77.     }
  79.     /**
  80.      * Handles access authorization.
  81.      *
  82.      * @throws AccessDeniedException
  83.      * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
  84.      */
  85.     public function authenticate(RequestEvent $event)
  86.     {
  87.         if (!$event instanceof LazyResponseEvent && null === ($token $this->tokenStorage->getToken()) && $this->exceptionOnNoToken) {
  88.             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  89.         }
  91.         $request $event->getRequest();
  93.         $attributes $request->attributes->get('_access_control_attributes');
  94.         $request->attributes->remove('_access_control_attributes');
  96.         if (!$attributes || ((
  97.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes false)
  98.             || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes
  99.         ) && $event instanceof LazyResponseEvent)) {
  100.             return;
  101.         }
  103.         if ($event instanceof LazyResponseEvent) {
  104.             $token $this->tokenStorage->getToken();
  105.         }
  107.         if (null === $token) {
  108.             if ($this->exceptionOnNoToken) {
  109.                 throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  110.             }
  112.             $token = new NullToken();
  113.         }
  115.         // @deprecated since Symfony 5.4
  116.         if (method_exists($token'isAuthenticated') && !$token->isAuthenticated(false)) {
  117.             trigger_deprecation('symfony/core''5.4''Returning false from "%s::isAuthenticated()" is deprecated, return null from "getUser()" instead.'get_debug_type($token));
  119.             if ($this->authManager) {
  120.                 $token $this->authManager->authenticate($token);
  121.                 $this->tokenStorage->setToken($token);
  122.             }
  123.         }
  125.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  126.             throw $this->createAccessDeniedException($request$attributes);
  127.         }
  128.     }
  130.     private function createAccessDeniedException(Request $request, array $attributes)
  131.     {
  132.         $exception = new AccessDeniedException();
  133.         $exception->setAttributes($attributes);
  134.         $exception->setSubject($request);
  136.         return $exception;
  137.     }
  139.     public static function getPriority(): int
  140.     {
  141.         return -255;
  142.     }
  143. }