From 8ffaafa86741a03ecb2f91e3d67802f4c6baf36b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Ja=CC=88ger?= Date: Thu, 24 May 2012 15:16:38 +0200 Subject: [PATCH] Make the session entry for the target url firewall dependent. If there are two firewalls (eg. main and admin), calling an protected admin url will direct you to the login form of the admin. If I ignore this and go to the login form of the main firewall directly I will end up being redirected to the stored admin target url. This is not what you usually want to happen. --- .../DependencyInjection/SecurityExtension.php | 7 ++++--- .../SecurityBundle/Resources/config/security_listeners.xml | 1 + .../Http/Firewall/AbstractAuthenticationListener.php | 4 ++-- .../Component/Security/Http/Firewall/ExceptionListener.php | 6 ++++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 71d8d36451..f2f47696f4 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -551,13 +551,14 @@ class SecurityExtension extends Extension { $exceptionListenerId = 'security.exception_listener.'.$id; $listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener')); - $listener->replaceArgument(3, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint)); + $listener->replaceArgument(3, $id); + $listener->replaceArgument(4, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint)); // access denied handler setup if (isset($config['access_denied_handler'])) { - $listener->replaceArgument(5, new Reference($config['access_denied_handler'])); + $listener->replaceArgument(6, new Reference($config['access_denied_handler'])); } elseif (isset($config['access_denied_url'])) { - $listener->replaceArgument(4, $config['access_denied_url']); + $listener->replaceArgument(5, $config['access_denied_url']); } return $exceptionListenerId; diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml index b35e3a2daa..b6cd02007a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml @@ -158,6 +158,7 @@ + %security.access.denied_url% diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php index 6d9531427f..1caaf0af0b 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php @@ -271,8 +271,8 @@ abstract class AbstractAuthenticationListener implements ListenerInterface } $session = $request->getSession(); - if ($targetUrl = $session->get('_security.target_path')) { - $session->remove('_security.target_path'); + if ($targetUrl = $session->get('_security.' . $this->providerKey . '.target_path')) { + $session->remove('_security.' . $this->providerKey . '.target_path'); return $targetUrl; } diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php index 05e7d14fe5..1a2d2b67e9 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php @@ -39,6 +39,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; class ExceptionListener { private $context; + private $providerKey; private $accessDeniedHandler; private $authenticationEntryPoint; private $authenticationTrustResolver; @@ -46,11 +47,12 @@ class ExceptionListener private $logger; private $httpUtils; - public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null) + public function __construct(SecurityContextInterface $context, AuthenticationTrustResolverInterface $trustResolver, HttpUtils $httpUtils, $providerKey, AuthenticationEntryPointInterface $authenticationEntryPoint = null, $errorPage = null, AccessDeniedHandlerInterface $accessDeniedHandler = null, LoggerInterface $logger = null) { $this->context = $context; $this->accessDeniedHandler = $accessDeniedHandler; $this->httpUtils = $httpUtils; + $this->providerKey = $providerKey; $this->authenticationEntryPoint = $authenticationEntryPoint; $this->authenticationTrustResolver = $trustResolver; $this->errorPage = $errorPage; @@ -180,7 +182,7 @@ class ExceptionListener { // session isn't required when using http basic authentication mechanism for example if ($request->hasSession()) { - $request->getSession()->set('_security.target_path', $request->getUri()); + $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri()); } } }