symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
Lines changed: 38 additions & 10 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
Lines changed: 38 additions & 10 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
Lines changed: 18 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
Lines changed: 18 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AbstractFactoryTest.php
Lines changed: 55 additions & 23 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Security/Factory/AbstractFactoryTest.php
Lines changed: 55 additions & 23 deletions
diff --git a/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Authentication/AuthenticationFailureHandlerInterface.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Authentication/AuthenticationFailureHandlerInterface.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Http/Authentication/AuthenticationSuccessHandlerInterface.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Authentication/AuthenticationSuccessHandlerInterface.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
Lines changed: 87 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
Lines changed: 87 additions & 0 deletions
@@ -28,14 +28,21 @@ abstract class AbstractFactory implements SecurityFactoryInterface
 {
     protected $options = array(
         'check_path'                     => '/login_check',
-        'login_path'                     => '/login',
         'use_forward'                    => false,
+    );
+
+    protected $defaultSuccessHandlerOptions = array(
         'always_use_default_target_path' => false,
         'default_target_path'            =>
9E12
 '/',
+        'login_path'                     => '/login',
         'target_path_parameter'          => '_target_path',
         'use_referer'                    => false,
+    );
+
+    protected $defaultFailureHandlerOptions = array(
         'failure_path'                   => null,
         'failure_forward'                => false,
+        'login_path'                     => '/login',
     );
 
     public function create(ContainerBuilder $container, $id, $config, $userProviderId, $defaultEntryPointId)
@@ -71,7 +78,7 @@ public function addConfiguration(NodeDefinition $node)
             ->scalarNode('failure_handler')->end()
         ;
 
-        foreach ($this->options as $name => $default) {
+        foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
             if (is_bool($default)) {
                 $builder->booleanNode($name)->defaultValue($default);
             } else {
@@ -149,21 +156,42 @@ protected function createListener($container, $id, $config, $userProvider)
         $listenerId = $this->getListenerId();
         $listener = new DefinitionDecorator($listenerId);
         $listener->replaceArgument(4, $id);
-        $listener->replaceArgument(5, array_intersect_key($config, $this->options));
+        $listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
+        $listener->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)));
+        $listener->replaceArgument(7, array_intersect_key($config, $this->options));
+
+        $listenerId .= '.'.$id;
+        $container->setDefinition($listenerId, $listener);
 
-        // success handler
+        return $listenerId;
+    }
+
+    protected function createAuthenticationSuccessHandler($container, $id, $config)
+    {
         if (isset($config['success_handler'])) {
-            $listener->replaceArgument(6, new Reference($config['success_handler']));
+            return $config['success_handler'];
         }
 
-        // failure handler
+        $successHandlerId = 'security.authentication.success_handler.'.$id;
+
+        $successHandler = $container->setDefinition($successHandlerId, new DefinitionDecorator('security.authentication.success_handler'));
+        $successHandler->replaceArgument(1, $id);
+        $successHandler->replaceArgument(2, array_intersect_key($config, $this->defaultSuccessHandlerOptions));
+
+        return $successHandlerId;
+    }
+
+    protected function createAuthenticationFailureHandler($container, $id, $config)
+    {
         if (isset($config['failure_handler'])) {
-            $listener->replaceArgument(7, new Reference($config['failure_handler']));
+            return $config['failure_handler'];
         }
 
-        $listenerId .= '.'.$id;
-        $container->setDefinition($listenerId, $listener);
+        $id = 'security.authentication.failure_handler.'.$id;
 
-        return $listenerId;
+        $failureHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.failure_handler'));
+        $failureHandler->replaceArgument(2, array_intersect_key($config, $this->defaultFailureHandlerOptions));
+
+        return $id;
     }
 }
@@ -37,6 +37,9 @@
         <parameter key="security.authentication.provider.pre_authenticated.class">Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider</parameter>
 
         <parameter key="security.authentication.provider.anonymous.class">Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider</parameter>
+
+        <parameter key="security.authentication.success_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler</parameter>
+        <parameter key="security.authentication.failure_handler.class">Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler</parameter>
     </parameters>
 
     <services>
@@ -98,13 +101,26 @@
             <argument type="service" id="security.authentication.session_strategy" />
             <argument type="service" id="security.http_utils" />
             <argument />
+            <argument type="service" id="security.authentication.success_handler" />
+            <argument type="service" id="security.authentication.failure_handler" />
             <argument type="collection"></argument>
-            <argument type="service" id="security.authentication.success_handler" on-invalid="null" />
-            <argument type="service" id="security.authentication.failure_handler" on-invalid="null" />
             <argument type="service" id="logger" on-invalid="null" />
             <argument type="service" id="event_dispatcher" on-invalid="null" />
         </service>
 
+        <service id="security.authentication.success_handler" class="%security.authentication.success_handler.class%" abstract="true" public="false">
+            <argument type="service" id="security.http_utils" />
+            <argument />
+            <argument />
+        </service>
+
+        <service id="security.authentication.failure_handler" class="%security.authentication.failure_handler.class%" abstract="true" public="false">
+            <argument type="service" id="http_kernel" />
+            <argument type="service" id="security.http_utils" />
+            <argument />
+            <argument type="service" id="logger" on-invalid="null" />
+        </service>
+
         <service id="security.authentication.listener.form"
                  class="%security.authentication.listener.form.class%"
                  parent="security.authentication.listener.abstract"
 
@@ -18,26 +18,11 @@ class AbstractFactoryTest extends \PHPUnit_Framework_TestCase
 {
     public function testCreate()
     {
-        $factory = $this->getFactory();
-
-        $factory
-            ->expects($this->once())
-            ->method('createAuthProvider')
-            ->will($this->returnValue('auth_provider'))
-        ;
-        $factory
-            ->expects($this->atLeastOnce())
-            ->method('getListenerId')
-            ->will($this->returnValue('abstract_listener'))
-        ;
-
-        $container = new ContainerBuilder();
-        $container->register('auth_provider');
-
-        list($authProviderId,
+        list($container,
+             $authProviderId,
              $listenerId,
              $entryPointId
-        ) = $factory->create($container, 'foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'foo', 'remember_me' => true), 'user_provider', 'entry_point');
+         ) = $this->callFactory('foo', array('use_forward' => true, 'failure_path' => '/foo', 'success_handler' => 'qux', 'failure_handler' => 'bar', 'remember_me' => true), 'user_provider', 'entry_point');
 
         // auth provider
         $this->assertEquals('auth_provider', $authProviderId);
@@ -48,19 +33,66 @@ public function testCreate()
         $definition = $container->getDefinition('abstract_listener.foo');
         $this->assertEquals(array(
             'index_4' => 'foo',
-            'index_5' => array(
+            'index_5' => new Reference('qux'),
+            'index_6' => new Reference('bar'),
+            'index_7' => array(
                 'use_forward'                    => true,
-                'failure_path'                   => '/foo',
             ),
-            'index_6' => new Reference('foo'),
         ), $definition->getArguments());
 
         // entry point
         $this->assertEquals('entry_point', $entryPointId, '->create() does not change the default entry point.');
     }
 
-    protected function getFactory()
+    public function testDefaultFailureHandler()
+    {
+        list($container,
+             $authProviderId,
+             $listenerId,
+             $entryPointId
+         ) = $this->callFactory('foo', array('remember_me' => true), 'user_provider', 'entry_point');
+
+        $definition = $container->getDefinition('abstract_listener.foo');
+        $arguments = $definition->getArguments();
+        $this->assertEquals(new Reference('security.authentication.failure_handler.foo'), $arguments['index_6']);
+    }
+
+    public function testDefaultSuccessHandler()
     {
-        return $this->getMockForAbstractClass('Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory', array());
+        list($container,
+             $authProviderId,
+             $listenerId,
+             $entryPointId
+         ) = $this->callFactory('foo', array('remember_me' => true), 'user_provider', 'entry_point');
+
+        $definition = $container->getDefinition('abstract_listener.foo');
+        $arguments = $definition->getArguments();
+        $this->assertEquals(new Reference('security.authentication.success_handler.foo'), $arguments['index_5']);
+    }
+
+    protected function callFactory($id, $config, $userProviderId, $defaultEntryPointId)
+    {
+        $factory = $this->getMockForAbstractClass('Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory', array());
+
+        $factory
+            ->expects($this->once())
+            ->method('createAuthProvider')
+            ->will($this->returnValue('auth_provider'))
+        ;
+        $factory
+            ->expects($this->atLeastOnce())
+            ->method('getListenerId')
+            ->will($this->returnValue('abstract_listener'))
+        ;
+
+        $container = new ContainerBuilder();
+        $container->register('auth_provider');
+
+        list($authProviderId,
+             $listenerId,
+             $entryPointId
+         ) = $factory->create($container, $id, $config, $userProviderId, $defaultEntryPointId);
+
+        return array($container, $authProviderId, $listenerId, $entryPointId);
     }
 }
@@ -20,3 +20,6 @@ CHANGELOG
  * `ObjectIdentity::fromDomainObject`, `UserSecurityIdentity::fromAccount` and
    `UserSecurityIdentity::fromToken` now return correct identities for proxies
    objects (e.g. Doctrine proxies)
+ * [BC BREAK] moved the default authentication success and failure handling to
+   seperate classes. The order of arguments in the constructor of the
+   `AbstractAuthenticationListener` has changed.
@@ -33,7 +33,7 @@ interface AuthenticationFailureHandlerInterface
      * @param Request                 $request
      * @param AuthenticationException $exception
      *
-     * @return Response|null the response to return
+     * @return Response The response to return, never null
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception);
 }
@@ -33,7 +33,7 @@ interface AuthenticationSuccessHandlerInterface
      * @param Request        $request
      * @param TokenInterface $token
      *
-     * @return Response|null the response to return
+     * @return Response never null
      */
     public function onAuthenticationSuccess(Request $request, TokenInterface $token);
 }
@@ -0,0 +1,87 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Authentication;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\Log\LoggerInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\SecurityContextInterface;
+use Symfony\Component\Security\Http\HttpUtils;
+
+/**
+ * Class with the default authentication failure handling logic.
+ *
+ * Can be optionally be extended from by the developer to alter the behaviour
+ * while keeping the default behaviour.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ * @author Alexander <iam.asm89@gmail.com>
+ */
+class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
+{
+    protected $httpKernel;
+    protected $httpUtils;
+    protected $logger;
+    protected $options;
+
+    /**
+     * Constructor.
+     *
+     * @param HttpKernelInterface $httpKernel
+     * @param HttpUtils           $httpUtils
+     * @param array               $options    Options for processing a failed authentication attempt.
+     * @param LoggerInterface     $logger     Optional logger
+     */
+    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options, LoggerInterface $logger = null)
+    {
+        $this->httpKernel = $httpKernel;
+        $this->httpUtils  = $httpUtils;
+        $this->logger     = $logger;
+
+        $this->options = array_merge(array(
+            'failure_path'    => null,
+            'failure_forward' => false,
+            'login_path'      => '/login',
+        ), $options);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    {
+        if (null === $this->options['failure_path']) {
+            $this->options['failure_path'] = $this->options['login_path'];
+        }
+
+        if ($this->options['failure_forward']) {
+            if (null !== $this->logger) {
+                $this->logger->debug(sprintf('Forwarding to %s', $this->options['failure_path']));
+            }
+
+            $subRequest = $this->httpUtils->createRequest($request, $this->options['failure_path']);
+            $subRequest->attributes->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
+
+            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+        }
+
+        if (null !== $this->logger) {
+            $this->logger->debug(sprintf('Redirecting to %s', $this->options['failure_path']));
+        }
+
+        $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);
+
+        return $this->httpUtils->createRedirectResponse($request, $this->options['failure_path']);
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ interface AuthenticationFailureHandlerInterface`
`33`	`33`	`* @param Request $request`
`34`	`34`	`* @param AuthenticationException $exception`
`35`	`35`	`*`
`36`		`- * @return Response\|null the response to return`
	`36`	`+ * @return Response The response to return, never null`
`37`	`37`	`*/`
`38`	`38`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception);`
`39`	`39`	`}`