Symfony2 Do Not Redirect to Restricted Areas

I have a security file configured as follows:

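    security:
        ...
        # Parentheses group the alternatives; [members|admin] would be a
        # character class matching a single character.
        pattern: ^/(members|admin)
        form_login:
            check_path: /members/auth
            login_path: /public/login
            failure_forward: false
            failure_path: null
        logout:
            path: /public/logout
            target: /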

Currently, if I access the members URL without authentication, it redirects me to /public/login, but I do not want it to redirect. I mainly answer JSON in my controllers, so I just want to show a warning about a limited URL, for example {"error": "Access denied"}. If I pull out the login_path: /public/login code, it redirects to the default URL /login. How can I make it not redirect?

+7
3 answers

You need to create a listener and then call a response. My solution is based on - https://gist.github.com/xanf/1015146

Listener Code -

    namespace Your\NameSpace\Bundle\Listener;

    use Symfony\Component\HttpFoundation\JsonResponse;
    use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
    use Symfony\Component\Security\Core\Exception\AuthenticationException;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;
    use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;

    class AjaxAuthenticationListener
    {
        /**
         * Handles security related exceptions.
         *
         * @param GetResponseForExceptionEvent $event A GetResponseForExceptionEvent instance
         */
        public function onCoreException(GetResponseForExceptionEvent $event)
        {
            $exception = $event->getException();
            $request = $event->getRequest();

            // Only AJAX requests get the JSON answer; other requests keep the redirect.
            if ($request->isXmlHttpRequest()) {
                if ($exception instanceof AuthenticationException
                    || $exception instanceof AccessDeniedException
                    || $exception instanceof AuthenticationCredentialsNotFoundException
                ) {
                    $responseData = array('status' => 401, 'msg' => 'User Not Authenticated');

                    $response = new JsonResponse();
                    $response->setData($responseData);
                    $response->setStatusCode($responseData['status']);

                    // Setting a response here replaces the redirect to the login page.
                    $event->setResponse($response);
                }
            }
        }
    }

You need to create a service for the listener -

    e_ent_int_baems.ajaxauthlistener:
        class: Your\NameSpace\Bundle\Listener\AjaxAuthenticationListener
        tags:
            - { name: kernel.event_listener, event: kernel.exception, method: onCoreException, priority: 1000 }

+9

You can do what I did: in security.yml

    firewalls:
        administrators:
            pattern: ^/
            form_login:
                check_path: _security_check
                login_path: _security_login
            logout: true
            security: true
            anonymous: true
            access_denied_url: access_denied

in routing.yml

    access_denied:
        path: /error403
        defaults:
            _controller: FrameworkBundle:Template:template
            template: 'DpUserBundle:Static:error403.html.twig'

Just add the access_denied_url param to the firewall section.

+6

See this page for full security.yml configuration help. In addition, this is an even better link with explanations of each key.

I would suggest creating your own listener class to handle the returned JSON when the user needs to log in. Example: https://gist.github.com/1015146

0
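
A variant of the listener from the first answer, as an added example that is not part of the original answers: it selects requests by URL prefix instead of the client-supplied X-Requested-With header, and answers 401 for callers who are not logged in and 403 for logged-in callers who lack the role. The namespace, class name and prefix list are hypothetical, and it assumes Symfony 2's `security.context` service is injected (`arguments: ["@security.context"]`) with the same `kernel.exception` tag as above and `method: onKernelException`.

```php
// Added example, not code from the answers. Names are hypothetical;
// assumes Symfony 2 (SecurityContextInterface / security.context).
namespace Acme\DemoBundle\Listener;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;

class JsonSecurityExceptionListener
{
    private $securityContext;
    private $jsonPrefixes = array('/members', '/admin'); // areas named in the question

    public function __construct(SecurityContextInterface $securityContext)
    {
        $this->securityContext = $securityContext;
    }

    public function onKernelException(GetResponseForExceptionEvent $event)
    {
        $exception = $event->getException();
        $isAuthError = $exception instanceof AuthenticationException;
        if ((!$isAuthError && !$exception instanceof AccessDeniedException) || !$this->wantsJson($event->getRequest()->getPathInfo())) {
            return; // not a security exception, or an HTML area that keeps the login redirect
        }
        $token = $this->securityContext->getToken();
        $anonymous = null === $token || $token instanceof AnonymousToken;
        // 401: the caller must log in. 403: the caller is logged in but lacks the role.
        $status = ($isAuthError || $anonymous) ? 401 : 403;
        $message = 401 === $status ? 'Authentication required' : 'Access denied';
        // Fixed message only: the exception text is never sent to the client.
        $event->setResponse(new JsonResponse(array('error' => $message), $status));
    }

    private function wantsJson($path)
    {
        foreach ($this->jsonPrefixes as $prefix) {
            if ($path === $prefix || 0 === strpos($path, $prefix . '/')) {
                return true;
            }
        }
        return false;
    }
}
```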
