From 8785f3fa5ccc3c0767e75f1e2a24526242f7243b Mon Sep 17 00:00:00 2001
From: Dominic Luechinger
Date: Thu, 6 Sep 2012 13:39:34 +0200
Subject: [PATCH] Minor improvement: Cleaned up the WsseListener example
Refactoring the WsseListener
* AuthenticationManagerInterface will never return a Response, instanceof check is obsolete
* Added option to redirect to the login page by clear the token of the securityContext
---
 .../custom_authentication_provider.rst | 47 +++++++++----------
 1 file changed, 23 insertions(+), 24 deletions(-)
diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index d345486711e..d6d84be7197 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -106,7 +106,6 @@ set an authenticated token in the security context if successful.
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
- use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Acme\DemoBundle\Security\Authentication\Token\WsseUserToken;
 class WsseListener implements ListenerInterface
@@ -124,35 +123,35 @@ set an authenticated token in the security context if successful.
 {
 $request = $event->getRequest();
- if ($request->headers->has('x-wsse')) {
+ $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
+ if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
+ return;
+ }
- $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
+ $token = new WsseUserToken();
+ $token->setUser($matches[1]);
- if (preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
- $token = new WsseUserToken();
- $token->setUser($matches[1]);
+ $token->digest = $matches[2];
+ $token->nonce = $matches[3];
+ $token->created = $matches[4];
- $token->digest = $matches[2];
- $token->nonce = $matches[3];
- $token->created = $matches[4];
+ try {
+ $authToken = $this->authenticationManager->authenticate($token);
- try {
- $returnValue = $this->authenticationManager->authenticate($token);
+ $this->securityContext->setToken($authToken);
+ } catch (AuthenticationException $failed) {
+ // you might log something here
- if ($returnValue instanceof TokenInterface) {
- return $this->securityContext->setToken($returnValue);
- } elseif ($returnValue instanceof Response) {
- return $event->setResponse($returnValue);
- }
- } catch (AuthenticationException $e) {
- // you might log something here
- }
- }
- }
+ // To deny the authentication clear the token. This will redirect to the login page.
+ // $this->securityContext->setToken(null);
+ // return;
- $response = new Response();
- $response->setStatusCode(403);
- $event->setResponse($response);
+ // Deny authentication with a '403 Forbidden' HTTP response
+ $response = new Response();
+ $response->setStatusCode(403);
+ $event->setResponse($response);
+
+ }
 }
 }
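Review bot: The new early `return` when the `x-wsse` header is missing or does not match `$wsseRegex` changes what the example does for unauthenticated requests: the removed code fell through to the 403 response in that case, while the new code leaves the request to continue with no token set, so denial presumably depends on the firewall's access rules rather than on this listener. The commit message does not mention this, and readers copying the example may expect the listener itself to reject requests without a WSSE header. Either keep the 403 for a missing or malformed header, or make the intent explicit with a comment above the `return`, e.g. `// no (or malformed) WSSE header: let the rest of the firewall decide, this listener does not deny`. The enclosing handle() method starts above this hunk; only its opening `{` is visible here.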