minor #38220 [Security] Log notice when no entry point is configured (wouterj)
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Log notice when no entry point is configured
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #37068
| License | MIT
| Doc PR | -
In the new security system, authenticators are not necessarily authentication entry points. This can cause unexpected behavior if no entry point is configured. It's not really an error, which is why I chose the "notice" level: "Normal but significant events".
Commits
-------
68f891ff65
Log notice when no entry point is configured
commit
4d1a5222b3
@ -16,6 +16,7 @@ use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
|
||||
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
|
||||
use Symfony\Component\Config\Definition\ConfigurationInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
|
||||
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
||||
use Symfony\Component\Security\Http\Event\LogoutEvent;
|
||||
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
|
||||
|
||||
@ -194,7 +195,9 @@ class MainConfiguration implements ConfigurationInterface
|
||||
->scalarNode('request_matcher')->end()
|
||||
->scalarNode('access_denied_url')->end()
|
||||
->scalarNode('access_denied_handler')->end()
|
||||
->scalarNode('entry_point')->end()
|
||||
->scalarNode('entry_point')
|
||||
->info(sprintf('An enabled authenticator name or a service id that implements "%s"', AuthenticationEntryPointInterface::class))
|
||||
->end()
|
||||
->scalarNode('provider')->end()
|
||||
->booleanNode('stateless')->defaultFalse()->end()
|
||||
->booleanNode('lazy')->defaultFalse()->end()
|
||||
|
@ -195,6 +195,10 @@ class ExceptionListener
|
||||
private function startAuthentication(Request $request, AuthenticationException $authException): Response
|
||||
{
|
||||
if (null === $this->authenticationEntryPoint) {
|
||||
if (null !== $this->logger) {
|
||||
$this->logger->notice(sprintf('No Authentication entry point configured, returning a %s HTTP response. Configure "entry_point" on the firewall ("{firewall_name}") if you want to modify the response.', Response::HTTP_UNAUTHORIZED), ['firewall_name' => $this->providerKey]);
|
||||
}
|
||||
|
||||
throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, [], $authException->getCode());
|
||||
}
|
||||
|
||||
|
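Review bot: The new `notice()` call in `startAuthentication()` formats the status code with `sprintf()` but passes the firewall name as a PSR-3 `{firewall_name}` placeholder. Using placeholders for both keeps the message template static, which makes the record easier to group and alert on: `$this->logger->notice('No Authentication entry point configured, returning a {status_code} HTTP response. Configure "entry_point" on the firewall ("{firewall_name}") if you want to modify the response.', ['status_code' => Response::HTTP_UNAUTHORIZED, 'firewall_name' => $this->providerKey]);`. The record is also written once per request that reaches this branch, so on a firewall that deliberately has no entry point the log volume follows unauthenticated traffic. A comment above the call would tell operators what to expect, for example `// Emitted per unauthenticated request; filter or rate-limit on firewall_name if this firewall is meant to answer with a bare 401.` The body of `startAuthentication()` continues outside the hunk.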