vendor/symfony/security-http/Firewall/AccessListener.php line 31

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Security\Http\Firewall;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Event\RequestEvent;
  16. use Symfony\Component\Security\Core\Authentication\Token\NullToken;
  17. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  18. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  19. use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
  20. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  21. use Symfony\Component\Security\Http\AccessMapInterface;
  22. use Symfony\Component\Security\Http\Event\LazyResponseEvent;
  24. /**
  25.  * AccessListener enforces access control rules.
  26.  *
  27.  * @author Fabien Potencier <fabien@symfony.com>
  28.  *
  29.  * @final
  30.  */
  31. class AccessListener extends AbstractListener
  32. {
  33.     private TokenStorageInterface $tokenStorage;
  34.     private AccessDecisionManagerInterface $accessDecisionManager;
  35.     private AccessMapInterface $map;
  37.     public function __construct(TokenStorageInterface $tokenStorageAccessDecisionManagerInterface $accessDecisionManagerAccessMapInterface $mapbool $exceptionOnNoToken false)
  38.     {
  39.         if (false !== $exceptionOnNoToken) {
  40.             throw new \LogicException(sprintf('Argument $exceptionOnNoToken of "%s()" must be set to "false".'__METHOD__));
  41.         }
  43.         $this->tokenStorage $tokenStorage;
  44.         $this->accessDecisionManager $accessDecisionManager;
  45.         $this->map $map;
  46.     }
  48.     public function supports(Request $request): ?bool
  49.     {
  50.         [$attributes] = $this->map->getPatterns($request);
  51.         $request->attributes->set('_access_control_attributes'$attributes);
  53.         if ($attributes && (
  54.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] !== $attributes true)
  55.             && [AuthenticatedVoter::PUBLIC_ACCESS] !== $attributes
  56.         )) {
  57.             return true;
  58.         }
  60.         return null;
  61.     }
  63.     /**
  64.      * Handles access authorization.
  65.      *
  66.      * @throws AccessDeniedException
  67.      */
  68.     public function authenticate(RequestEvent $event)
  69.     {
  70.         $request $event->getRequest();
  72.         $attributes $request->attributes->get('_access_control_attributes');
  73.         $request->attributes->remove('_access_control_attributes');
  75.         if (!$attributes || ((
  76.             (\defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED_ANONYMOUSLY') ? [AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY] === $attributes false)
  77.             || [AuthenticatedVoter::PUBLIC_ACCESS] === $attributes
  78.         ) && $event instanceof LazyResponseEvent)) {
  79.             return;
  80.         }
  82.         $token $this->tokenStorage->getToken() ?? new NullToken();
  84.         if (!$this->accessDecisionManager->decide($token$attributes$requesttrue)) {
  85.             throw $this->createAccessDeniedException($request$attributes);
  86.         }
  87.     }
  89.     private function createAccessDeniedException(Request $request, array $attributes)
  90.     {
  91.         $exception = new AccessDeniedException();
  92.         $exception->setAttributes($attributes);
  93.         $exception->setSubject($request);
  95.         return $exception;
  96.     }
  98.     public static function getPriority(): int
  99.     {
  100.         return -255;
  101.     }
  102. }