Home » Php » php – symfony2 No redirect on restricted areas

php – symfony2 No redirect on restricted areas

Posted by: admin July 12, 2020 Leave a comment

Questions:

I have my security file configured as follows:

security:
...
            pattern:    ^/[members|admin]
            form_login:
                check_path: /members/auth
                login_path: /public/login
                failure_forward: false
                failure_path: null
            logout:
                path:   /public/logout
                target: /

Currently if I access the members url without authenticating it redirects me to /public/login but I dont want it to redirect. I’m mainly responding with json on my controllers so I just want to show a warning on the restricted url such as {"error": "Access denied"}. If I take out the login_path: /public/login code it redirects to a default url /login. How do I do to stop it from redirecting?

How to&Answers:

You need to create a Listener and then trigger your response. My solution is based on – https://gist.github.com/xanf/1015146

Listener Code —

namespace Your\NameSpace\Bundle\Listener;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;

class AjaxAuthenticationListener
{

/**
 * Handles security related exceptions.
 *
 * @param GetResponseForExceptionEvent $event An GetResponseForExceptionEvent instance
 */
public function onCoreException(GetResponseForExceptionEvent $event)
{
    $exception = $event->getException();
    $request = $event->getRequest();

    if ($request->isXmlHttpRequest()) {
        if ($exception instanceof AuthenticationException || $exception instanceof AccessDeniedException || $exception instanceof AuthenticationCredentialsNotFoundException) {
            $responseData = array('status' => 401, 'msg' => 'User Not Authenticated');
            $response = new JsonResponse();
            $response->setData($responseData);
            $response->setStatusCode($responseData['status']);
            $event->setResponse($response);
        }
    }
}
}

You need to create a service for the listener —

e_ent_int_baems.ajaxauthlistener:
    class: Your\NameSpace\Bundle\Listener\AjaxAuthenticationListener
    tags:
      - { name: kernel.event_listener, event: kernel.exception, method: onCoreException, priority: 1000 }

Answer:

You can do like I did:
in security.yml

firewalls:
        administrators:
            pattern: ^/
            form_login:
                check_path:  _security_check
                login_path:  _security_login
            logout: true
            security: true
            anonymous: true
            access_denied_url: access_denied

in routing.yml

access_denied:
    path: /error403
    defaults :
        _controller: FrameworkBundle:Template:template
        template: 'DpUserBundle:Static:error403.html.twig'

simply add to firewall section *access_denied_url* param

Answer:

See this page for the full security.yml configuration reference. Also, this is an even better reference with explanations of each key.

I’d suggest creating your own listener class to handle returning JSON when a User needs to login. Example: https://gist.github.com/1015146