15

I am trying to get my security stuff set up for Symfony2 and I have it working so far, but now I need to do some more fancy things. I am currently using everything dealing with PreAuthentication (I use a third-party component for logging in and session management). That part is working great in tandem with the JMS security bundle.

Now I am at the point where I want to catch the users that are throwing 403s so I can just forward them to the login page of the third-party component that I am using. I think my best bet is to add an exception handler to the exception listener. I am looking at the AccessDeniedHandlerInterface.

  1. Is this the right direction for me to be going?
  2. How do I add this handler to the exception listener?

EDIT: I ended up doing something similar. I created a service that is prompted on the kernel.exception event. services.yml looks like this:

services:
    kernel.listener.accessDenied:
        class: Fully\Qualified\Namespace\Path\To\Class
        tags:
            - { name: kernel.event_listener, event: kernel.exception, method: onAccessDeniedException }

and the class itself:

<?php

namespace Fully\Qualified\Namespace\Path\To;

use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent,
Symfony\Component\HttpFoundation\Response,
Symfony\Component\Security\Core\Exception\AccessDeniedException;

class Class
{
  public function onAccessDeniedException(GetResponseForExceptionEvent $event)
  {
    $exception = $event->getException();
    //Get the root cause of the exception.
    while (null !== $exception->getPrevious()) {
      $exception = $exception->getPrevious();
    }
    if ($exception instanceof AccessDeniedException) {
      //Forward to third-party.
    }
  }
}
0

1 Answer

21

This sounds about right.

Or, if you're specifically interested in AccessDeniedException, you could also define access_denied_handler within your firewall in security.yml:

security:
    firewalls:
        my_firewall:
            # ...
            access_denied_handler: kernel.listener.access_denied.handler
            # ...

Then define your service in your services.xml or equivalent:

<parameters>
    <parameter key="kernel.listener.security.class">Path\To\Your\Class</parameter>
</parameters>

<service id="kernel.listener.access_denied.handler" class="%kernel.listener.security.class%">
    <tag name="kernel.event_listener" event="security.kernel_response" method="handle" />
</service>

The handler class:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

class MyAccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // Do something with your exception and return a Response object
        // (plain message or rendered template).
    }
}

You can find the complete Security reference for Symfony2 here: http://symfony.com/doc/2.8/reference/configuration/security.html
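
An added example (not part of the answer above and not Symfony's own code) of a handler body that forwards denied users to the third-party login page, which is the goal stated in the question. The namespace, class name, injected `$loginUrl` and the `return_to` query parameter are assumptions made for illustration.

```php
<?php

namespace Acme\DemoBundle\Security; // hypothetical namespace

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

/**
 * Symfony calls an access_denied_handler only when the current token is fully
 * authenticated; anonymous users are sent to the firewall's entry point instead.
 */
class ThirdPartyLoginHandler implements AccessDeniedHandlerInterface
{
    private $loginUrl;

    // $loginUrl: fixed login URL of the third-party component, injected from
    // configuration (assumed), never taken from the request.
    public function __construct($loginUrl)
    {
        $this->loginUrl = $loginUrl;
    }

    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // Script-driven callers get a bare 403 with no exception details.
        if ($request->isXmlHttpRequest()) {
            return new JsonResponse(array('error' => 'access_denied'), 403);
        }

        // Return target comes from the URI Symfony parsed for this request, not
        // from a client-supplied "next" style parameter (open-redirect risk).
        $returnTo = $request->getRequestUri();
        if ('/' !== substr($returnTo, 0, 1) || '//' === substr($returnTo, 0, 2)) {
            $returnTo = '/'; // not a local path: fall back to the site root
        }

        // "return_to" is a placeholder name; use whatever the component expects.
        $separator = false === strpos($this->loginUrl, '?') ? '?' : '&';

        return new RedirectResponse(
            $this->loginUrl.$separator.http_build_query(array('return_to' => $returnTo))
        );
    }
}
```

Register the class as the service named in `access_denied_handler` and pass the login URL as its constructor argument.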
