fixes #1659

src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticationCommencingTest.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace Symfony\Bundle\Securitybundle\Tests\Functional;
+
+class AuthenticationCommencingTest extends WebTestCase
+{
+    public function testAuthenticationIsCommencingIfAccessDeniedExceptionIsWrapped()
+    {
+        $client = $this->createClient(array('test_case' => 'StandardFormLogin', 'root_config' => 'config.yml'));
+        $client->insulate();
+
+        $client->request('GET', '/secure-but-not-covered-by-access-control');
+        $this->assertRedirect($client->getResponse(), '/login');
+    }
+}

src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Controller/LoginController.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\FormLoginBundle\Controller;
 
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\SecurityContext;
 use Symfony\Component\DependencyInjection\ContainerAware;
@@ -42,4 +43,9 @@ class LoginController extends ContainerAware
     {
         return new Response('', 400);
     }
+
+    public function secureAction()
+    {
+        throw new \Exception('Wrapper', 0, new \Exception('Another Wrapper', 0, new AccessDeniedException()));
+    }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/FormLoginBundle/Resources/config/routing.yml

@@ -25,3 +25,6 @@ form_login_redirect_to_protected_resource_after_login:
 form_logout:
     pattern: /logout_path
 
+form_secure_action:
+    pattern: /secure-but-not-covered-by-access-control
+    defaults: { _controller: FormLoginBundle:Login:secure }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml

@@ -26,5 +26,6 @@ security:
 
     access_control:
         - { path: ^/unprotected_resource$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/secure-but-not-covered-by-access-control$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
         - { path: .*, roles: IS_AUTHENTICATED_FULLY }

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

@@ -76,6 +76,11 @@ class ExceptionListener
         $exception = $event->getException();
         $request = $event->getRequest();
 
+        // determine the actual cause for the exception
+        while (null !== $previous = $exception->getPrevious()) {
+            $exception = $previous;
+        }
+
         if ($exception instanceof AuthenticationException) {
             if (null !== $this->logger) {
                 $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));