vendor/symfony/security-http/Firewall/AccessListener.php line 34

  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  17. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  18. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  19. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  20. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  21. use Symfony\Component\Security\Http\AccessMapInterface;
  22. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  24. /**
  25. * AccessListener enforces access control rules.
  26. *
  27. * @author Fabien Potencier <fabien@symfony.com>
  28. *
  29. * @final
  30. */
  31. class AccessListener extends AbstractListener
  32. {
  33. private TokenStorageInterface $tokenStorage;
  34. private AccessDecisionManagerInterface $accessDecisionManager;
  35. private AccessMapInterface $map;
  37. public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionManagerInterface $accessDecisionManager, AccessMapInterface $map, bool $exceptionOnNoToken = false)
  38. {
  39. if (false !== $exceptionOnNoToken) {
  40. throw new \LogicException(sprintf('Argument $exceptionOnNoToken of "%s()" must be set to "false".', __METHOD__));
  41. }
  43. $this->tokenStorage = $tokenStorage;
  44. $this->accessDecisionManager = $accessDecisionManager;
  45. $this->map = $map;
  46. }
  48. public function supports(Request $request): ?bool
  49. {
  50. [$attributes] = $this->map->getPatterns($request);
  51. $request->attributes->set('_access_control_attributes', $attributes);
  53. if ($attributes && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes) {
  54. return true;
  55. }
  57. return null;
  58. }
  60. /**
  61. * Handles access authorization.
  62. *
  63. * @throws AccessDeniedException
  64. */
  65. public function authenticate(RequestEvent $event): void
  66. {
  67. $request = $event->getRequest();
  69. $attributes = $request->attributes->get('_access_control_attributes');
  70. $request->attributes->remove('_access_control_attributes');
  72. if (!$attributes || (
  73. [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes && $event instanceof LazyResponseEvent
  74. )) {
  75. return;
  76. }
  78. $token = $this->tokenStorage->getToken() ?? new NullToken();
  80. if (!$this->accessDecisionManager->decide($token, $attributes, $request, true)) {
  81. throw $this->createAccessDeniedException($request, $attributes);
  82. }
  83. }
  85. private function createAccessDeniedException(Request $request, array $attributes): AccessDeniedException
  86. {
  87. $exception = new AccessDeniedException();
  88. $exception->setAttributes($attributes);
  89. $exception->setSubject($request);
  91. return $exception;
  92. }
  94. public static function getPriority(): int
  95. {
  96. return -255;
  97. }
  98. }