merged branch uwej711/security_target_path_master (PR #4409)

Commits
-------

8ffaafa Make the session entry for the target url firewall dependent.

Discussion
----------

[Security] Make the session entry for the target url firewall dependent.

Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets:
License of the code: MIT

If there are two firewalls (e.g. main and admin), calling a protected admin URL
will direct you to the login form of the admin. If I ignore this and go to the login
form of the main firewall directly I will end up being redirected to the stored
admin target URL, which will lead me to the admin login form again.

---------------------------------------------------------------------------

by travisbot at 2012-05-25T09:33:44Z

This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1431566) (merged 8ffaafa8 into 45849ce3).

---------------------------------------------------------------------------

by uwej711 at 2012-06-09T08:05:54Z

Doesn't this make sense or did this slip through? Or is there something missing?
This commit is contained in:
Fabien Potencier 2012-07-02 19:27:21 +02:00
commit 637aaacccb
4 changed files with 11 additions and 7 deletions


@ -551,13 +551,14 @@ class SecurityExtension extends Extension
{
$exceptionListenerId = 'security.exception_listener.'.$id;
$listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener'));
$listener->replaceArgument(3, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint));
$listener->replaceArgument(3, $id);
$listener->replaceArgument(4, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint));
// access denied handler setup
if (isset($config['access_denied_handler'])) {
$listener->replaceArgument(5, new Reference($config['access_denied_handler']));
$listener->replaceArgument(6, new Reference($config['access_denied_handler']));
} elseif (isset($config['access_denied_url'])) {
$listener->replaceArgument(4, $config['access_denied_url']);
$listener->replaceArgument(5, $config['access_denied_url']);
}
return $exceptionListenerId;
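Review bot: The constructor argument positions are renumbered by hand at three sites in this hunk (3→4 for the entry point, 5→6 for the access denied handler, 4→5 for the access denied URL), and nothing in the code ties them to the `<argument>` order of the `security.exception_listener` service definition and the ExceptionListener constructor they must mirror. A comment above the first `replaceArgument` call naming that order, `// ExceptionListener arguments: 0 context, 1 trust resolver, 2 http utils, 3 provider key, 4 entry point, 5 error page, 6 access denied handler, 7 logger`, would make the next insertion far less error-prone. Note also that argument 3 is the firewall `$id`, so the session key written by the exception listener is scoped by firewall name; that matters for the authentication listeners that read it back. The enclosing method of SecurityExtension starts outside the hunk.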


@ -158,6 +158,7 @@
<argument type="service" id="security.context" />
<argument type="service" id="security.authentication.trust_resolver" />
<argument type="service" id="security.http_utils" />
<argument />
<argument type="service" id="security.authentication.entry_point" on-invalid="null" />
<argument>%security.access.denied_url%</argument>
<argument type="service" id="security.access.denied_handler" on-invalid="null" />
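Review bot: The new empty `<argument />` at position 3 gives no hint that it is a placeholder overwritten per firewall by SecurityExtension with the firewall id, so a reader of the service definition alone sees an unexplained null argument. An XML comment on that line, `<argument /><!-- provider key: replaced per firewall by SecurityExtension -->`, would record the contract. Any definition that decorates `security.exception_listener` without going through SecurityExtension would presumably pass null, and the listener change in this commit would then build the session key as `_security..target_path`; that is inferred from the ExceptionListener hunk rather than visible here.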


@ -271,8 +271,8 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
}
$session = $request->getSession();
if ($targetUrl = $session->get('_security.target_path')) {
$session->remove('_security.target_path');
if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) {
$session->remove('_security.' . $this->providerKey . '.target_path');
return $targetUrl;
}
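Review bot: The session key `'_security.' . $this->providerKey . '.target_path'` is assembled by string concatenation twice in this hunk and a third time in ExceptionListener::setTargetPath, so a future change to the format has three places to drift apart. At minimum compute it once here: `$key = '_security.'.$this->providerKey.'.target_path';` then `if ($targetUrl = $session->get($key)) {` and `$session->remove($key);`. The round trip also relies on this listener's `$this->providerKey` being the same value SecurityExtension passes to the exception listener (the firewall `$id`); that holds only if every authentication listener is wired with the firewall id as its provider key, which this diff does not show, so a short comment on the `get` line stating that assumption would help. The enclosing method starts and ends outside the hunk.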


@ -39,6 +39,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface;
class ExceptionListener
{
private $context;
private $providerKey;
private $accessDeniedHandler;
private $authenticationEntryPoint;
private $authenticationTrustResolver;
@ -46,11 +47,12 @@ class ExceptionListener
private $logger;
private $httpUtils;
public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
{
$this->context = $context;
$this->accessDeniedHandler = $accessDeniedHandler;
$this->httpUtils = $httpUtils;
$this->providerKey = $providerKey;
$this->authenticationEntryPoint = $authenticationEntryPoint;
$this->authenticationTrustResolver = $trustResolver;
$this->errorPage = $errorPage;
@ -180,7 +182,7 @@ class ExceptionListener
{
// session isn't required when using http basic authentication mechanism for example
if ($request->hasSession() && $request->isMethodSafe()) {
$request->getSession()->set('_security.target_path', $request->getUri());
$request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
}
}
}
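Review bot: The new `$providerKey` constructor parameter and property carry no documentation, even though the value becomes part of the session key written in setTargetPath and therefore decides which firewall's login flow can consume a stored target URL. A `@param string $providerKey The firewall id (as wired by SecurityExtension) that namespaces the stored target path in the session` line in the constructor docblock, plus `/** @var string */` on the property, would state that contract where a reader of this class will look for it. Since the value is unvalidated, a null or empty key silently degrades to a shared `_security..target_path` entry, which reintroduces the cross-firewall redirect this commit fixes; a comment on the `set` line in setTargetPath noting that the key must be non-empty would flag that. The signature of setTargetPath lies outside its hunk.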