vendor/symfony/security-http/Firewall/AccessListener.php line 31

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  17. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  18. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  19. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  20. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  21. use Symfony\Component\Security\Http\AccessMapInterface;
  22. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  24. /**
  25.  * AccessListener enforces access control rules.
  26.  *
  27.  * @author Fabien Potencier <fabien@symfony.com>
  28.  *
  29.  * @final
  30.  */
  31. class AccessListener extends AbstractListener
  32. {
  33.     private $tokenStorage;
  34.     private $accessDecisionManager;
  35.     private $map;
  37.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapbool $exceptionOnNoToken false)
  38.     {
  39.         if (false !== $exceptionOnNoToken) {
  40.             throw new \LogicException(sprintf('Argument $exceptionOnNoToken of "%s()" must be set to "false".'__METHOD__));
  41.         }
  43.         $this->tokenStorage $tokenStorage;
  44.         $this->accessDecisionManager $accessDecisionManager;
  45.         $this->map $map;
  46.     }
  48.     /**
  49.      * {@inheritdoc}
  50.      */
  51.     public function supports(Request $request): ?bool
  52.     {
  53.         [$attributes] = $this->map->getPatterns($request);
  54.         $request->attributes->set('_access_control_attributes'$attributes);
  56.         if ($attributes && (
  57.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes true)
  58.             && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes
  59.         )) {
  60.             return true;
  61.         }
  63.         return null;
  64.     }
  66.     /**
  67.      * Handles access authorization.
  68.      *
  69.      * @throws AccessDeniedException
  70.      */
  71.     public function authenticate(RequestEvent $event)
  72.     {
  73.         $request $event->getRequest();
  75.         $attributes $request->attributes->get('_access_control_attributes');
  76.         $request->attributes->remove('_access_control_attributes');
  78.         if (!$attributes || ((
  79.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes false)
  80.             || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes
  81.         ) && $event instanceof LazyResponseEvent)) {
  82.             return;
  83.         }
  85.         $token $this->tokenStorage->getToken();
  86.         if (null === $token) {
  87.             $token = new NullToken();
  88.         }
  90.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  91.             throw $this->createAccessDeniedException($request$attributes);
  92.         }
  93.     }
  95.     private function createAccessDeniedException(Request $request, array $attributes)
  96.     {
  97.         $exception = new AccessDeniedException();
  98.         $exception->setAttributes($attributes);
  99.         $exception->setSubject($request);
  101.         return $exception;
  102.     }
  104.     public static function getPriority(): int
  105.     {
  106.         return -255;
  107.     }
  108. }