Geek Answers Handbook

Symfony2: how to check if an action is protected?

I want to check from inside the controller if this is a secure page or not. How to do it?

My usage example:

  • User can register and log in.
  • If he logs in and tries to access a secure page, he will be redirected to the beta page until the end of June.
  • If he tries to access a regular page (not protected), he will be able to access it without any redirection.

Thank you for your help!

Aurel

+8
security php symfony
source share
2 answers

When Symfony2 processes the request, it maps the url pattern to each firewall defined in app/config/security.yml . When the url pattern matches the firewall pattern, Symfony2 creates some listener objects and calls the handle method on those objects. If any listener returns a Response object, then the loop breaks and Symfony2 prints the response. Part of the authentication is performed in authentication listeners. They are created from a configuration defined in a consistent firewall, for example, form_login , http_basic , etc. If the user is not authenticated, then authenticated listeners create a RedirectResponse object to redirect the user to the login page. For your case, you can cheat to create a custom authentication listener and add it to the secure page firewall. An example implementation will follow,

Create a Token class,

 namespace Your\Namespace; use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; class MyToken extends AbstractToken { public function __construct(array $roles = array()) { parent::__construct($roles); } public function getCredentials() { return ''; } }

Create a class that implements AuthenticationProviderInterface . For the form_login it authenticates with this UserProvider . In this case, he will not do anything.

 namespace Your\Namespace; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Acme\BaseBundle\Firewall\MyToken; class MyAuthProvider implements AuthenticationProviderInterface { public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } throw new \Exception('you should not get here'); } public function supports(TokenInterface $token) { return $token instanceof MyToken; }

Create an entry point class. The listener will create a RedirectResponse from this class.

 namespace Your\Namespace; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; use Symfony\Component\Security\Http\HttpUtils; class MyAuthenticationEntryPoint implements AuthenticationEntryPointInterface { private $httpUtils; private $redirectPath; public function __construct(HttpUtils $httpUtils, $redirectPath) { $this->httpUtils = $httpUtils; $this->redirectPath = $redirectPath; } /** * {@inheritdoc} */ public function start(Request $request, AuthenticationException $authException = null) { //redirect action goes here return $this->httpUtils->createRedirectResponse($request, $this->redirectPath); }

Create a listener class. This is where you implement your redirect logic.

 namespace Your\Namespace; use Symfony\Component\Security\Http\Firewall\ListenerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; class MyAuthenticationListener implements ListenerInterface { private $securityContext; private $authenticationEntryPoint; public function __construct(SecurityContextInterface $securityContext, AuthenticationEntryPointInterface $authenticationEntryPoint) { $this->securityContext = $securityContext; $this->authenticationEntryPoint = $authenticationEntryPoint; } public function handle(GetResponseEvent $event) { $token = $this->securityContext->getToken(); $request = $event->getRequest(); if($token === null){ return; } //add your logic $redirect = // boolean value based on your logic if($token->isAuthenticated() && $redirect){ $response = $this->authenticationEntryPoint->start($request); $event->setResponse($response); return; } } }

Create services.

 <?xml version="1.0" ?> <container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> <services> <service id="my_firewall.security.authentication.listener" class="Your\Namespace\MyAuthenticationListener" parent="security.authentication.listener.abstract" abstract="true"> <argument type="service" id="security.context" /> <argument /> <!-- Entry Point --> </service> <service id="my_firewall.entry_point" class="Your\Namespace\MyAuthenticationEntryPoint" public="false" ></service> <service id="my_firewall.auth_provider" class="Your\Namespace\MyAuthProvider" public="false"></service> </services> </container>

Register a listener. Create a folder called Security/Factory in the DependencyInjection folder. Then create a factory class.

 namespace Your\Bundle\DependencyInjection\Security\Factory; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\DependencyInjection\DefinitionDecorator; use Symfony\Component\DependencyInjection\Definition; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; use Symfony\Component\Config\Definition\Builder\NodeDefinition; class MyFirewallFactory implements SecurityFactoryInterface { public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) { $provider = 'my_firewall.auth_provider.'.$id; $container->setDefinition($provider, new DefinitionDecorator('my_firewall.auth_provider')); // entry point $entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPoint); // listener $listenerId = 'my_firewall.security.authentication.listener'.$id; $listener = $container->setDefinition($listenerId, new DefinitionDecorator('my_firewall.security.authentication.listener')); $listener->replaceArgument(1, new Reference($entryPointId)); return array($provider, $listenerId, $entryPointId); } public function getPosition() { return 'pre_auth'; } public function getKey() { return 'my_firewall'; //the listener name } protected function getListenerId() { return 'my_firewall.security.authentication.listener'; } public function addConfiguration(NodeDefinition $node) { $node ->children() ->scalarNode('redirect_path')->end() ->end() ; } protected function createEntryPoint($container, $id, $config, $defaultEntryPointId) { $entryPointId = 'my_firewall.entry_point'.$id; $container ->setDefinition($entryPointId, new DefinitionDecorator('my_firewall.entry_point')) ->addArgument(new Reference('security.http_utils')) ->addArgument($config['redirect_path']) ; return $entryPointId; } }

Then in the NamespaceBundle.php folder of your package add the following code.

 public function build(ContainerBuilder $builder){ parent::build($builder); $extension = $builder->getExtension('security'); $extension->addSecurityListenerFactory(new Security\Factory\MyFirewallFactory()); }

An authentication listener is created, phew :). Now in app/config/security.yml follow these steps.

 api_area: pattern: ^/secured/ provider: fos_userbundle form_login: check_path: /login_check login_path: /login csrf_provider: form.csrf_provider my_firewall: redirect_path: /beta logout: true anonymous: true
+15
source share

I don't know if this is the right method. But you can try the following.

/vendor/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php has a handleRaw method that converts the request into a response. The request object is accessible from there. You can check if the client has requested access to the secure page. If so, you can manually install the controller, for example

 $request->attributes->set('_controller','your\Bundle\SecureBundle\Controller\SecureController::secureAction');

Another solution would be to establish a session if the user tries to access a secure page and check what is inside the controller.

Again, this may not be the right method, but it is a possible workaround

0
source share

More articles:


All Articles