merged branch uwej711/security_target_path_master (PR #4409)
Commits -------8ffaafa
Make the session entry for the target url firewall dependent. Discussion ---------- [Security] Make the session entry for the target url firewall dependent. Bug fix: yes Feature addition: no Backwards compatibility break: yes Symfony2 tests pass: yes Fixes the following tickets: License of the code: MIT If there are two firewalls (e.g. main and admin), calling a protected admin url will direct you to the login form of the admin. If I ignore this and go to the login form of the main firewall directly I will end up being redirected to the stored admin target url, which will lead me to the admin login form again. --------------------------------------------------------------------------- by travisbot at 2012-05-25T09:33:44Z This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1431566) (merged8ffaafa8
into45849ce3
). --------------------------------------------------------------------------- by uwej711 at 2012-06-09T08:05:54Z Doesn't this make sense or did this slip through? Or is there something missing?
commit
637aaacccb
@ -551,13 +551,14 @@ class SecurityExtension extends Extension
|
|||||||
{
|
{
|
||||||
$exceptionListenerId = 'security.exception_listener.'.$id;
|
$exceptionListenerId = 'security.exception_listener.'.$id;
|
||||||
$listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener'));
|
$listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener'));
|
||||||
$listener->replaceArgument(3, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint));
|
$listener->replaceArgument(3, $id);
|
||||||
|
$listener->replaceArgument(4, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint));
|
||||||
|
|
||||||
// access denied handler setup
|
// access denied handler setup
|
||||||
if (isset($config['access_denied_handler'])) {
|
if (isset($config['access_denied_handler'])) {
|
||||||
$listener->replaceArgument(5, new Reference($config['access_denied_handler']));
|
$listener->replaceArgument(6, new Reference($config['access_denied_handler']));
|
||||||
} elseif (isset($config['access_denied_url'])) {
|
} elseif (isset($config['access_denied_url'])) {
|
||||||
$listener->replaceArgument(4, $config['access_denied_url']);
|
$listener->replaceArgument(5, $config['access_denied_url']);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $exceptionListenerId;
|
return $exceptionListenerId;
|
||||||
|
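Review bot: The `replaceArgument()` calls address the listener's constructor arguments by bare position (3 to 6), and after this shift nothing here says which parameter each index fills, so a later signature change can silently put the access-denied URL or handler in the wrong slot. A short comment above the first call would help, for example `// indexes follow ExceptionListener::__construct(): 3 provider key, 4 entry point, 5 access denied url, 6 access denied handler`. The `$id` passed at index 3 presumably has to be the same string the firewall's authentication listeners use as their provider key, otherwise the target path is written under one session key and read under another; that wiring is outside this hunk and worth confirming. The method starts above the hunk.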
@ -158,6 +158,7 @@
|
|||||||
<argument type="service" id="security.context" />
|
<argument type="service" id="security.context" />
|
||||||
<argument type="service" id="security.authentication.trust_resolver" />
|
<argument type="service" id="security.authentication.trust_resolver" />
|
||||||
<argument type="service" id="security.http_utils" />
|
<argument type="service" id="security.http_utils" />
|
||||||
|
<argument />
|
||||||
<argument type="service" id="security.authentication.entry_point" on-invalid="null" />
|
<argument type="service" id="security.authentication.entry_point" on-invalid="null" />
|
||||||
<argument>%security.access.denied_url%</argument>
|
<argument>%security.access.denied_url%</argument>
|
||||||
<argument type="service" id="security.access.denied_handler" on-invalid="null" />
|
<argument type="service" id="security.access.denied_handler" on-invalid="null" />
|
||||||
|
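Review bot: The new empty `<argument />` gives no hint of what belongs at that position, and a definition built from this parent that never replaces it would hand the listener null as its provider key. Marking the placeholder, e.g. `<argument /> <!-- provider key, replaced per firewall by SecurityExtension -->`, documents that the extension must fill it in.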
@ -271,8 +271,8 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
}
|
}
|
||||||
|
|
||||||
$session = $request->getSession();
|
$session = $request->getSession();
|
||||||
if ($targetUrl = $session->get('_security.target_path')) {
|
if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) {
|
||||||
$session->remove('_security.target_path');
|
$session->remove('_security.' . $this->providerKey . '.target_path');
|
||||||
|
|
||||||
return $targetUrl;
|
return $targetUrl;
|
||||||
}
|
}
|
||||||
|
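Review bot: The session key is assembled twice in this hunk and a third time in the ExceptionListener hunk at the end of the page, so reader and writer agree only as long as three string concatenations stay identical. Within this method, building it once, `$key = '_security.'.$this->providerKey.'.target_path';`, and using `$key` for both `get()` and `remove()` removes one chance to drift. Code outside this commit that still reads or writes `_security.target_path` will no longer see a value here; the description marks the change as a BC break, and an upgrade note naming the old and the new key would make that visible to integrators. The method starts and ends outside the hunk.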
@ -39,6 +39,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
|||||||
class ExceptionListener
|
class ExceptionListener
|
||||||
{
|
{
|
||||||
private $context;
|
private $context;
|
||||||
|
private $providerKey;
|
||||||
private $accessDeniedHandler;
|
private $accessDeniedHandler;
|
||||||
private $authenticationEntryPoint;
|
private $authenticationEntryPoint;
|
||||||
private $authenticationTrustResolver;
|
private $authenticationTrustResolver;
|
||||||
@ -46,11 +47,12 @@ class ExceptionListener
|
|||||||
private $logger;
|
private $logger;
|
||||||
private $httpUtils;
|
private $httpUtils;
|
||||||
|
|
||||||
public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
|
public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null)
|
||||||
{
|
{
|
||||||
$this->context = $context;
|
$this->context = $context;
|
||||||
$this->accessDeniedHandler = $accessDeniedHandler;
|
$this->accessDeniedHandler = $accessDeniedHandler;
|
||||||
$this->httpUtils = $httpUtils;
|
$this->httpUtils = $httpUtils;
|
||||||
|
$this->providerKey = $providerKey;
|
||||||
$this->authenticationEntryPoint = $authenticationEntryPoint;
|
$this->authenticationEntryPoint = $authenticationEntryPoint;
|
||||||
$this->authenticationTrustResolver = $trustResolver;
|
$this->authenticationTrustResolver = $trustResolver;
|
||||||
$this->errorPage = $errorPage;
|
$this->errorPage = $errorPage;
|
||||||
@ -180,7 +182,7 @@ class ExceptionListener
|
|||||||
{
|
{
|
||||||
// session isn't required when using http basic authentication mechanism for example
|
// session isn't required when using http basic authentication mechanism for example
|
||||||
if ($request->hasSession() && $request->isMethodSafe()) {
|
if ($request->hasSession() && $request->isMethodSafe()) {
|
||||||
$request->getSession()->set('_security.target_path', $request->getUri());
|
$request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
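Review bot: The constructor stores `$providerKey` without checking it, so a null or empty value produces the key `_security..target_path` for every firewall wired that way, and those firewalls share one stored target again, which is the cross-firewall redirect this commit sets out to prevent. A guard at the top of the constructor, `if (empty($providerKey)) { throw new \InvalidArgumentException('$providerKey must not be empty.'); }`, would turn that misconfiguration into an immediate error. The parameter is also inserted as a required argument in fourth position, so code that constructs the listener positionally has to be updated; the description acknowledges the BC break. A `@param string $providerKey` line in the constructor docblock would record what the value is used for.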