vendor/symfony/security-http/Firewall/AccessListener.php line 99

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <[email protected]>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpKernel\Event\RequestEvent;
  13. use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  16. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  17. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  19. use Symfony\Component\Security\Http\AccessMapInterface;
  20. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  21. /**
  22.  * AccessListener enforces access control rules.
  23.  *
  24.  * @author Fabien Potencier <[email protected]>
  25.  *
  26.  * @final since Symfony 4.3
  27.  */
  28. class AccessListener extends AbstractListener implements ListenerInterface
  29. {
  30.     use LegacyListenerTrait;
  31.     private $tokenStorage;
  32.     private $accessDecisionManager;
  33.     private $map;
  34.     private $authManager;
  35.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapAuthenticationManagerInterface $authManager)
  36.     {
  37.         $this->tokenStorage $tokenStorage;
  38.         $this->accessDecisionManager $accessDecisionManager;
  39.         $this->map $map;
  40.         $this->authManager $authManager;
  41.     }
  42.     /**
  43.      * {@inheritdoc}
  44.      */
  45.     public function supports(Request $request): ?bool
  46.     {
  47.         [$attributes] = $this->map->getPatterns($request);
  48.         $request->attributes->set('_access_control_attributes'$attributes);
  49.         return $attributes && [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes true null;
  50.     }
  51.     /**
  52.      * Handles access authorization.
  53.      *
  54.      * @throws AccessDeniedException
  55.      * @throws AuthenticationCredentialsNotFoundException
  56.      */
  57.     public function authenticate(RequestEvent $event)
  58.     {
  59.         if (!$event instanceof LazyResponseEvent && null === $token $this->tokenStorage->getToken()) {
  60.             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  61.         }
  62.         $request $event->getRequest();
  63.         $attributes $request->attributes->get('_access_control_attributes');
  64.         $request->attributes->remove('_access_control_attributes');
  65.         if (!$attributes || ([AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes && $event instanceof LazyResponseEvent)) {
  66.             return;
  67.         }
  68.         if ($event instanceof LazyResponseEvent && null === $token $this->tokenStorage->getToken()) {
  69.             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
  70.         }
  71.         if (!$token->isAuthenticated()) {
  72.             $token $this->authManager->authenticate($token);
  73.             $this->tokenStorage->setToken($token);
  74.         }
  75.         $granted false;
  76.         foreach ($attributes as $key => $value) {
  77.             if ($this->accessDecisionManager->decide($token, [$key => $value], $request)) {
  78.                 $granted true;
  79.                 break;
  80.             }
  81.         }
  82.         if (!$granted) {
  83.             $exception = new AccessDeniedException();
  84.             $exception->setAttributes($attributes);
  85.             $exception->setSubject($request);
  86.             throw $exception;
  87.         }
  88.     }
  89. }