[Security] made sure that we always replace the security access denied exception to an HTTP one
parent
7dc89013eb
commit
46071f3238
@ -97,6 +97,8 @@ class ExceptionListener
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} elseif ($exception instanceof AccessDeniedException) {
|
} elseif ($exception instanceof AccessDeniedException) {
|
||||||
|
$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
|
||||||
|
|
||||||
$token = $this->context->getToken();
|
$token = $this->context->getToken();
|
||||||
if (!$this->authenticationTrustResolver->isFullFledged($token)) {
|
if (!$this->authenticationTrustResolver->isFullFledged($token)) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
@ -129,8 +131,6 @@ class ExceptionListener
|
|||||||
$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
|
$response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
|
||||||
$response->setStatusCode(403);
|
$response->setStatusCode(403);
|
||||||
} else {
|
} else {
|
||||||
$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
@ -148,8 +148,6 @@ class ExceptionListener
|
|||||||
$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
|
$this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
|
||||||
}
|
}
|
||||||
|
|
||||||
$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
return;
|
return;
|
||||||
|
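Review bot: The third hunk removes the `$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));` call from the branch whose log line still reads "Logout exception occurred; wrapping with AccessDeniedHttpException", so that branch now logs a wrap it no longer performs and returns with the original exception still on the event. The branch condition lies outside the hunk, but if it matches a logout exception that is not an `AccessDeniedException`, the early wrap added in the first hunk does not cover it, and a rejected logout would presumably surface as an unhandled error instead of a 403. Either keep the wrap in that branch or make the log say what now happens, for example `'Logout exception occurred (%s)'`, so the log does not mislead whoever reads it during an investigation. Since the first hunk now copies `$exception->getMessage()` into the HTTP exception on every access-denied path, it is also worth confirming that this message never carries detail that should not reach the client when the 403 is rendered.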