minor #38220 [Security] Log notice when no entry point is configured (wouterj)

fabpot · fabpot · commit 4d1a5222b353 · 2020-09-17T12:03:51.000+02:00
This PR was merged into the 5.1 branch. Discussion ---------- [Security] Log notice when no entry point is configured | Q | A | ------------- | --- | Branch? | 5.1 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | Fix #37068 | License | MIT | Doc PR | - In the new security system, authenticators are not necessarily authentication entry points. This can cause unexpected behavior if no entry point is configured. It's not really an error, that's why I choose the "notice" level: "Normal but significant events". Commits ------- 68f891f Log notice when no entry point is configured
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -16,6 +16,7 @@
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
 use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
 
@@ -194,7 +195,9 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
             ->scalarNode('request_matcher')->end()
             ->scalarNode('access_denied_url')->end()
             ->scalarNode('access_denied_handler')->end()
-            ->scalarNode('entry_point')->end()
+            ->scalarNode('entry_point')
+                ->info(sprintf('An enabled authenticator name or a service id that implements "%s"', AuthenticationEntryPointInterface::class))
+            ->end()
             ->scalarNode('provider')->end()
             ->booleanNode('stateless')->defaultFalse()->end()
             ->booleanNode('lazy')->defaultFalse()->end()
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -195,6 +195,10 @@ private function handleLogoutException(ExceptionEvent $event, LogoutException $e
     private function startAuthentication(Request $request, AuthenticationException $authException): Response
     {
         if (null === $this->authenticationEntryPoint) {
+            if (null !== $this->logger) {
+                $this->logger->notice(sprintf('No Authentication entry point configured, returning a %s HTTP response. Configure "entry_point" on the firewall ("{firewall_name}") if you want to modify the response.', Response::HTTP_UNAUTHORIZED), ['firewall_name' => $this->providerKey]);
+            }
+
             throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, [], $authException->getCode());
         }
 

Original file line number	Diff line number	Diff line change
`@@ -195,6 +195,10 @@ private function handleLogoutException(ExceptionEvent $event, LogoutException $e`
`195`	`195`	`private function startAuthentication(Request $request, AuthenticationException $authException): Response`
`196`	`196`	`{`
`197`	`197`	`if (null === $this->authenticationEntryPoint) {`
	`198`	`+ if (null !== $this->logger) {`
	`199`	`+ $this->logger->notice(sprintf('No Authentication entry point configured, returning a %s HTTP response. Configure "entry_point" on the firewall ("{firewall_name}") if you want to modify the response.', Response::HTTP_UNAUTHORIZED), ['firewall_name' => $this->providerKey]);`
	`200`	`+ }`
	`201`	`+`
`198`	`202`	`throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, [], $authException->getCode());`
`199`	`203`	`}`
`200`	`204`