diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
index d059a0bff6b74..1c5e372fb1029 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
@@ -63,6 +63,23 @@ public function testRoutingErrorIsNotExposedForProtectedResourceWhenLoggedInWith
 $this->assertNotEquals(404, $client->getResponse()->getStatusCode());
 }
 
+ /**
+ * @dataProvider getConfigs
+ */
+ public function testRoutingErrorIsNotExposedForNotExistingProtectedResource($config)
+ {
+ if (strpos(PHP_OS, "WIN") === 0 && version_compare(phpversion(), "5.3.9", "<")) {
+ $this->markTestSkipped('Test hangs on Windows & PHP due to https://bugs.php.net/bug.php?id=60120 fixed in http://svn.php.net/viewvc?view=revision&revision=318366');
+ }
+
+ $client = $this->createClient(array('test_case' => 'StandardFormLogin', 'root_config' => $config));
+ $client->insulate();
+
+ $client->request('GET', '/protected_not_existing_resource$');
+
+ $this->assertNotEquals(404, $client->getResponse()->getStatusCode());
+ }
+
 /**
 * @dataProvider getConfigs
 * @group ip_whitelist
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
index 624637b0c82aa..84727f40e1fb1 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
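Review bot: The path requested in the new test, `'/protected_not_existing_resource$'`, ends with a literal `$` that looks copied from the regex in config.yml. As a result the new `^/protected_not_existing_resource$` access rule presumably never matches, and the request is covered only by the `path: .*` catch-all. Requesting `'/protected_not_existing_resource'` would exercise the IS_ADMIN rule this commit adds. `assertNotEquals(404, ...)` is also satisfied by a 500, so it does not prove that the firewall produced the answer; asserting the expected login redirect (for example with the test case's `assertRedirect` helper, if it is available here) would pin the intended behaviour.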
@@ -31,5 +31,6 @@ security:
 - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
+ - { path: ^/protected_not_existing_resource$, roles: IS_ADMIN }
 - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or has_role('ROLE_USER')" }
 - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Component/Security/Http/Firewall.php b/src/Symfony/Component/Security/Http/Firewall.php
index 7bad47a5bed01..def3c8641042c 100644
--- a/src/Symfony/Component/Security/Http/Firewall.php
+++ b/src/Symfony/Component/Security/Http/Firewall.php
@@ -11,8 +11,10 @@
 
 namespace Symfony\Component\Security\Http;
 
+use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\Event\KernelEvent;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\KernelEvents;
-use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
@@ -49,9 +51,9 @@ public function __construct(FirewallMapInterface $map, EventDispatcherInterface
 /**
 * Handles security.
 *
- * @param GetResponseEvent $event An GetResponseEvent instance
+ * @param KernelEvent $event An GetResponseEvent instance
 */
- public function onKernelRequest(GetResponseEvent $event)
+ public function onKernelRequest(KernelEvent $event)
 {
 if (!$event->isMasterRequest()) {
 return;
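Review bot: Widening the `onKernelRequest` type-hint to `KernelEvent` in the `@@ -49,9 +51,9 @@` hunk is not needed for the new caller, because `GetResponseForExceptionEvent` extends `GetResponseEvent` and the original hint already accepts it. With `KernelEvent`, the method now also accepts events that cannot carry a response, while its body (which continues outside this hunk) presumably still hands the event to listeners that expect one. The docblock is also left inconsistent: `@param KernelEvent $event An GetResponseEvent instance`. Keeping `public function onKernelRequest(GetResponseEvent $event)` with `@param GetResponseEvent $event A GetResponseEvent instance`, and retaining the `GetResponseEvent` import instead of adding `KernelEvent`, avoids loosening a public signature on a security component.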
@@ -84,6 +86,14 @@ public function onKernelFinishRequest(FinishRequestEvent $event)
 }
 }
 
+ public function onKernelException(GetResponseForExceptionEvent $event)
+ {
+ $exception = $event->getException();
+ if ($exception instanceof HttpException && 404 === $exception->getStatusCode()) {
+ $this->onKernelRequest($event);
+ }
+ }
+
 /**
 * {@inheritdoc}
 */
@@ -92,6 +102,7 @@ public static function getSubscribedEvents()
 return array(
 KernelEvents::REQUEST => array('onKernelRequest', 8),
 KernelEvents::FINISH_REQUEST => 'onKernelFinishRequest',
+ KernelEvents::EXCEPTION => array('onKernelException', 900),
 );
 }
 }
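Review bot: `onKernelException` re-runs the whole firewall for every 404 `HttpException`, including ones raised after `onKernelRequest` has already handled the same request (a controller throwing a not-found exception, for instance). Authentication and access listeners can therefore execute twice for one request. Recording in `onKernelRequest` that the firewall ran for the request, and returning early here when it did, would limit the second pass to routing failures, which is the case the commit targets. The listeners also now run inside kernel.exception dispatch, so an access-denied or authentication exception they throw may not be converted into a login redirect or 403 the usual way; that path deserves a test asserting the exact status code. The method has no docblock; `/** Runs the firewall when a request failed with a 404, so protected paths do not reveal whether they exist. */` would state the intent.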
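Review bot: The priority `900` given to `KernelEvents::EXCEPTION` in `getSubscribedEvents()` is unexplained, whereas the ordering of this subscriber relative to other exception listeners is what the fix depends on. A comment such as `// high priority: must run before any listener that turns the 404 into a response` would record the reason. Any kernel.exception listener registered above 900 would still see the routing 404 first, so the value is worth checking against the other subscribers in the framework.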