8000 Require entry_point to be configured with multiple authenticators · symfony/symfony@7169af4 · GitHub
[go: up one dir, main page]
Skip to content

Commit 7169af4

Browse files
wouterjwouterj
committed
Require entry_point to be configured with multiple authenticators
Entry_point can now also be set to an authenticator name (instead of only service IDs), to ease configuration.
1 parent 034ae82 commit 7169af4

File tree

7 files changed

+42
-16
lines changed

7 files changed

+42
-16
lines changed

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ CHANGELOG
77
* Added XSD for configuration
88
* Added security configuration for priority-based access decision strategy
99
* Marked the `AbstractFactory`, `AnonymousFactory`, `FormLoginFactory`, `FormLoginLdapFactory`, `GuardAuthenticationFactory`, `HttpBasicFactory`, `HttpBasicLdapFactory`, `JsonLoginFactory`, `JsonLoginLdapFactory`, `RememberMeFactory`, `RemoteUserFactory` and `X509Factory` as `@final`
10+
* Renamed method `AbstractFactory#createEntryPoint()` to `AbstractFactory#createDefaultEntryPoint()`
1011

1112
5.0.0
1213
-----

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ public function create(ContainerBuilder $container, string $id, array $config, s
6767
}
6868

6969
// create entry point if applicable (optional)
70-
$entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPointId);
70+
$entryPointId = $this->createDefaultEntryPoint($container, $id, $config, $defaultEntryPointId);
7171

7272
return [$authProviderId, $listenerId, $entryPointId];
7373
}
@@ -128,7 +128,7 @@ abstract protected function getListenerId();
128128
*
129129
* @return string|null the entry point id
130130
*/
131-
protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
131+
protected function createDefaultEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
132132
{
133133
return $defaultEntryPointId;
134134
}

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/EntryPointFactoryInterface.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,5 @@ interface EntryPointFactoryInterface
2323
/**
2424
* Creates the entry point and returns the service ID.
2525
*/
26-
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string;
26+
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): ?string;
2727
}

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,12 @@ protected function createListener(ContainerBuilder $container, string $id, array
9292
return $listenerId;
9393
}
9494

95-
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint): string
95+
protected function createDefaultEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId)
96+
{
97+
return $this->createEntryPoint($container, $id, $config);
98+
}
99+
100+
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): string
96101
{
97102
$entryPointId = 'security.authentication.form_entry_point.'.$id;
98103
$container

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
*
2727
* @internal
2828
*/
29-
class GuardAuthenticationFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface, EntryPointFactoryInterface
29+
class GuardAuthenticationFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
3030
{
3131
public function getPosition()
3232
{
@@ -113,9 +113,15 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
113113
return $authenticatorIds;
114114
}
115115

116-
public function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPointId): string
116+
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): ?string
117117
{
118-
return $this->determineEntryPoint($defaultEntryPointId, $config);
118+
try {
119+
return $this->determineEntryPoint(null, $config);
120+
} catch (\LogicException $e) {
121+
// ignore the exception, the new system prefers setting "entry_point" over "guard.entry_point"
122+
}
123+
124+
return null;
119125
}
120126

121127
private function determineEntryPoint(?string $defaultEntryPointId, array $config): string

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323
*
2424
* @internal
2525
*/
26-
class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
26+
class HttpBasicFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface, EntryPointFactoryInterface
2727
{
2828
public function create(ContainerBuilder $container, string $id, array $config, string $userProvider, ?string $defaultEntryPoint)
2929
{
@@ -36,7 +36,10 @@ public function create(ContainerBuilder $container, string $id, array $config, s
3636
;
3737

3838
// entry point
39-
$entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPoint);
39+
$entryPointId = $defaultEntryPoint;
40+
if (null === $entryPointId) {
41+
$entryPointId = $this->createEntryPoint($container, $id, $config);
42+
}
4043

4144
// listener
4245
$listenerId = 'security.authentication.listener.basic.'.$id;
@@ -79,12 +82,8 @@ public function addConfiguration(NodeDefinition $node)
7982
;
8083
}
8184

82-
protected function createEntryPoint(ContainerBuilder $container, string $id, array $config, ?string $defaultEntryPoint)
85+
public function createEntryPoint(ContainerBuilder $container, string $id, array $config): string
8386
{
84-
if (null !== $defaultEntryPoint) {
85-
return $defaultEntryPoint;
86-
}
87-
8887
$entryPointId = 'security.authentication.basic_entry_point.'.$id;
8988
$container
9089
->setDefinition($entryPointId, new ChildDefinition('security.authentication.basic_entry_point'))

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Lines changed: 17 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@
3939
use Symfony\Component\Security\Core\User\ChainUserProvider;
4040
use Symfony\Component\Security\Core\User\UserProviderInterface;
4141
use Symfony\Component\Security\Http\Controller\UserValueResolver;
42+
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
4243
use Twig\Extension\AbstractExtension;
4344

4445
/**
@@ -519,6 +520,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
519520
{
520521
$listeners = [];
521522
$hasListeners = false;
523+
$entryPoints = [];
522524

523525
foreach ($this->listenerPositions as $position) {
524526
foreach ($this->factories[$position] as $factory) {
@@ -541,8 +543,8 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
541543
$authenticationProviders[] = $authenticators;
542544
}
543545

544-
if ($factory instanceof EntryPointFactoryInterface) {
545-
$defaultEntryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], $defaultEntryPoint);
546+
if ($factory instanceof EntryPointFactoryInterface && ($entryPoint = $factory->createEntryPoint($container, $id, $firewall[$key], null))) {
547+
$entryPoints[$key] = $entryPoint;
546548
}
547549
} else {
548550
list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint);
@@ -555,6 +557,19 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
555557
}
556558
}
557559

560+
if ($entryPoints) {
561+
// we can be sure the authenticator system is enabled
562+
if (null !== $defaultEntryPoint) {
563+
return $entryPoints[$defaultEntryPoint] ?? $defaultEntryPoint;
564+
}
565+
566+
if (1 === \count($entryPoints)) {
567+
return current($entryPoints);
568+
}
569+
570+
throw new InvalidConfigurationException(sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators (%s) or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $id, implode(', ', $entryPoints), AuthenticationEntryPointInterface::class));
571+
}
572+
558573
if (false === $hasListeners) {
559574
throw new InvalidConfigurationException(sprintf('No authentication listener registered for firewall "%s".', $id));
560575
}

0 commit comments

Comments
 (0)
0