Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
620 views
in Technique[技术] by (71.8m points)

security - Using Symfony2's AccessDeniedHandlerInterface

I am trying to get my security stuff setup for symfony2 and I have it working so far, but now I need to do some more fancy things. I am currently using everything dealing with PreAuthentication (I use a third party component for logging in and session management). That part is working great in tandem with the JMS security bundle.

Now I am to the point when I want to catch the users that are throwing 403s so I can just forward them to the login page of the third party component that I am using. I think my best bet is to add an exception handler to the exception listener. I am looking at the AccessDeniedHandlerInterface.

  1. Is this the right direction for me to be going?
  2. How do I add this handler to the exception listener?

EDIT: I ended up doing something similar. I created a service that is prompted on the kernel.exception event. services.yml looks like this:

services:
   kernel.listener.accessDenied:
    class: FullyQualifiedNamespacePathToClass
    tags:
      - { name: kernel.event_listener, event: kernel.exception, method: onAccessDeniedException }

and the class it self:

<?php

namespace FullyQualifiedNamespacePathTo;

use SymfonyComponentHttpKernelEventGetResponseForExceptionEvent,
SymfonyComponentHttpFoundationResponse,
SymfonyComponentSecurityCoreExceptionAccessDeniedException;

class Class
{
  public function onAccessDeniedException(GetResponseForExceptionEvent $event)
  {
    $exception = $event->getException();
    //Get the root cause of the exception.
    while (null !== $exception->getPrevious()) {
      $exception = $exception->getPrevious();
    }
    if ($exception instanceof AccessDeniedException) {
      //Forward to third-party.
    }
  }
}
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

This sounds about right.

Or, if you're specifically interested in AccessDeniedException you could also define access_denied_handler within your firewall in security.yml:

security:
    firewalls:
        my_firewall:
            # ...
            access_denied_handler: kernel.listener.access_denied.handler
            # ...

Then define your service in your services.xml or equivalent:

<parameters>
    <parameter key="kernel.listener.security.class">PathToYourClass</parameter>
</parameters>

<service id="kernel.listener.access_denied.handler" class="%kernel.listener.security.class%">
    <tag name="kernel.event_listener" event="security.kernel_response" method="handle" />
</service>

The handler class:

use SymfonyComponentSecurityHttpAuthorizationAccessDeniedHandlerInterface;

class MyAccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // do something with your exception and return Response object (plain message of rendered template)
    }
}

You can find complete Security reference of Symfony2 here: http://symfony.com/doc/2.8/reference/configuration/security.html


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...