merged branch stof/exception_listener (PR #1633)

Commits
-------

11369eb Fixed phpdoc
dbe1854 Added an AccessDeniedHttpException to wrap the AccessDeniedException.

Discussion
----------

Added an AccessDeniedHttpException to wrap the AccessDeniedException.

This is a proposal to fix #1631

It wraps the AccessDeniedException in an AccessDeniedHttpException when the firewall is not able to handle it itself. This allows getting a 403 response using the standard exception listener in this case.

Note that the app should not throw the AccessDeniedHttpException itself but keep using the AccessDeniedException to let the Security component check if the user is already fully authenticated or if it should give a chance to authenticate.

---------------------------------------------------------------------------

by fabpot at 2011/07/11 07:10:12 -0700

For reference, I've tried something more radical some time ago here: https://github.com/symfony/symfony/pull/369.

---------------------------------------------------------------------------

by stof at 2011/07/11 07:22:07 -0700

My implementation is what @schmittjoh suggested in the comments on your PR.

Fabien Potencier 14 years ago
parent
commit
f0f83a9f6e

+ 33 - 0
src/Symfony/Component/HttpKernel/Exception/AccessDeniedHttpException.php

@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpKernel\Exception;
+
+/**
+ * AccessDeniedHttpException.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Christophe Coevoet <stof@notk.org>
+ */
+class AccessDeniedHttpException extends HttpException
+{
+    /**
+     * Constructor.
+     *
+     * @param string    $message  The internal exception message
+     * @param Exception $previous The previous exception
+     * @param integer   $code     The internal exception code
+     */
+    public function __construct($message = null, \Exception $previous = null, $code = 0)
+    {
+        parent::__construct(403, $message, $previous, array(), $code);
+    }
+}
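
Review bot: The class docblock (`AccessDeniedHttpException.`) does not say when this exception is meant to be used, so the caveat from the commit message is lost to anyone reading only the file: application code should keep throwing AccessDeniedException so the Security component can decide whether to give the user a chance to authenticate, and this class is only the wrapper used when the firewall cannot handle the denial itself. Suggest stating that in the docblock. Separately, in the constructor docblock `@param Exception $previous` is read relative to the `Symfony\Component\HttpKernel\Exception` namespace; write `\Exception` there so it matches the `\Exception $previous` type hint in the signature.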

+ 6 - 5
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

@@ -26,6 +26,7 @@ use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 /**
@@ -113,16 +114,16 @@ class ExceptionListener
                         if (!$response instanceof Response) {
                             return;
                         }
-                    } else {
-                        if (null === $this->errorPage) {
-                            return;
-                        }
-
+                    } elseif (null !== $this->errorPage) {
                         $subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
                         $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);
 
                         $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
                         $response->setStatusCode(403);
+                    } else {
+                        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
+                        return;
                     }
                 } catch (\Exception $e) {
                     if (null !== $this->logger) {
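
Review bot: In the new `else` branch, `new AccessDeniedHttpException($exception->getMessage(), $exception)` copies the security exception's message into the exception that the standard exception listener will turn into the 403 response. The constructor documents that argument as the internal exception message, so check that it is not rendered to the client outside debug mode, or pass a fixed message and rely on `$previous` to carry the detail. This branch also replaces the old silent `return` when `errorPage` is null with `$event->setException(...)`, which is a behaviour change, and no test is part of this diff; a test for the null `errorPage` case asserting the wrapped exception and the 403 status would pin it down.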