Skip to content

AccessDeniedException is logged as a CRITICAL whenever authentication is required #27608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
junowilderness opened this issue Jun 14, 2018 · 3 comments
Closed

AccessDeniedException is logged as a CRITICAL whenever authentication is required #27608

junowilderness opened this issue Jun 14, 2018 · 3 comments
Labels
Bug FrameworkBundle Security Status: Needs Review

Comments

@junowilderness
Copy link
Contributor

junowilderness commented Jun 14, 2018
edited
Loading

Symfony version(s) affected: 4.1.0

Description
Symfony 4.1.0 logs a request.CRITICAL whenever authentication is required.

[2018-06-14 20:52:10] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2018-06-14 20:52:10] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Security\Core\Exception\AccessDeniedException: "Access Denied." at /Users/cjm/Sites/website-skeleton/vendor/symfony/security/Http/Firewall/AccessListener.php line 68 {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /Users/cjm/Sites/website-skeleton/vendor/symfony/security/Http/Firewall/AccessListener.php:68)"} []
[2018-06-14 20:52:10] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /Users/cjm/Sites/website-skeleton/vendor/symfony/security/Http/Firewall/AccessListener.php:68)"} []
[2018-06-14 20:52:10] security.DEBUG: Calling Authentication entry point. [] []

This behavior is different than Symfony 3, which does not log the request.CRITICAL. It should be silenced because the exception is actually caught.

How to reproduce

  1. Follow part 1-a on https://symfony.com/doc/current/security.html to configure basic authentication. Observe the log file when the /admin route receives a GET request.

Possible Solution

Additional context
@junowilderness junowilderness mentioned this issue Jun 14, 2018
Closed
@xabbuh
Copy link
Member

xabbuh commented Jun 15, 2018

This looks like a duplicate of #27440 which was fixed in #27562. So I am going to close here, but please leave a comment if you still experience the issue even with the patch and we can reopen.

@xabbuh xabbuh closed this as completed Jun 15, 2018
@junowilderness
Copy link
Contributor Author

Indeed. Thank you @xabbuh.

@lyrixx
Copy link
Member

lyrixx commented Jun 15, 2018
edited
Loading

Just to inform people who reach this issue, There is the same issue with API Platform when the validation of a payload fails.
And the linked PR fixes this issue too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug FrameworkBundle Security Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lyrixx @xabbuh @junowilderness @carsonbot