From 6b367d1e3df8adbc50f9170cfa9c371036ea8c83 Mon Sep 17 00:00:00 2001
From: Fabien Potencier <fabien.potencier@gmail.com>
Date: Thu, 22 Sep 2011 18:43:18 +0200
Subject: [PATCH] merged branch helmer/target_path (PR #2228)

Commits
-------

022a9a7 [Security] Make saving target_path extendible

Discussion
----------

[Security] Make saving target_path extendible

The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET

I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.

In my simplified scenario, I would be using:

```
protected function setTargetPath(Request $request)
{
    if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
        return;
    }

    $request->getSession()->set('_security.target_path', $request->getUri());
}
```

@Seldaek, @schmittjoh, @lsmith77, thoughts?

---------------------------------------------------------------------------

by Seldaek at 2011/09/21 02:37:02 -0700

Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)

---------------------------------------------------------------------------

by helmer at 2011/09/21 03:38:57 -0700

[Cookbook](https://github.com/helmer/symfony-docs/commit/b22c5e666edb2586840884e32f8209425125c30d) entry done. Perhaps though I rushed ahead ..

---------------------------------------------------------------------------

by Seldaek at 2011/09/21 03:52:01 -0700

Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
---
 .../Security/Http/Firewall/ExceptionListener.php         | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
index 46ffde83e6..9bbccca884 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -157,11 +157,16 @@ class ExceptionListener
             $this->logger->debug('Calling Authentication entry point');
         }
 
+        $this->setTargetPath($request);
+
+        return $this->authenticationEntryPoint->start($request, $authException);
+    }
+
+    protected function setTargetPath(Request $request)
+    {
         // session isn't required when using http basic authentication mechanism for example
         if ($request->hasSession()) {
             $request->getSession()->set('_security.target_path', $request->getUri());
         }
-
-        return $this->authenticationEntryPoint->start($request, $authException);
     }
 }