From 10eff8514491c7e98a401d161caa801b6e73921a Mon Sep 17 00:00:00 2001 From: Johan DESMYTER Date: Mon, 31 Oct 2016 22:49:19 +0300 Subject: [PATCH 1/6] add documentation about access denied handler --- security.rst | 1 + security/access_denied_handler.rst | 68 ++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 security/access_denied_handler.rst diff --git a/security.rst b/security.rst index 2c7686c7e50..99c4956d9a6 100644 --- a/security.rst +++ b/security.rst @@ -1295,6 +1295,7 @@ Authorization (Denying Access) security/force_https security/securing_services security/access_control + security/access_denied_handler Other Security Related Topics ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst new file mode 100644 index 00000000000..a84dd15f0ae --- /dev/null +++ b/security/access_denied_handler.rst 
@@ -0,0 +1,68 @@
+.. index::
+ single: Security; Creating a Custom Access Denied Handler
+
+How to Create a Custom Access Denied Handler
+============================================
+
+When your application throw an ``AccessDeniedException`` you can catch this exception
+with a service to return a custom Response.
+
+On each firewall context you can define a custom access denied handler.
+
+.. configuration-block::
+
+ .. code-block:: yaml
+
+ # app/config/security.yml
+ firewalls:
+ foo:
+ # ...
+ access_denied_handler: custom_handler.service.id
+
+ .. code-block:: php
+
+ // app/config/security.php
+ $container->loadFromExtension('security', array(
+ 'firewalls' => array(
+ 'foo' => array(
+ // ...
+ 'access_denied_handler' => 'custom_handler.service.id',
+ ),
+ ),
+ ));
+
+
+Your handler must implement the interface
+:class:`Symfony\\Component\\Security\\Http\\Authorization\\AccessDeniedHandlerInterface`.
+This interface define one method called ``handle()`` that can do whatever you want.
+You can use it to send a mail, log a message, or generally return a custom Response.
+
+
+.. code-block:: php
+
+ namespace AppBundle\Security;
+
+ use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
+ use Symfony\Component\HttpFoundation\Request;
+ use Symfony\Component\HttpFoundation\Response;
+ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+
+ class AccessDeniedHandler implements AccessDeniedHandlerInterface
+ {
+ public function handle(Request $request, AccessDeniedException $accessDeniedException)
+ {
+ // to some stuff...
+ return new Response($content, 403);
+ }
+ }
+
+Then you must register your service :
+
+.. code-block:: yml
+
+ # app/config/services.yml
+ services:
+ custom_handler.service.id:
+ class: AppBundle\Security\AccessDeniedHandler
+
+That's it, now on the ``foo`` firewall, all ``AccessDeniedException`` will be notified to you service.
From 3d28e5b05faa9a5995fb784841625b9988250731 Mon Sep 17 00:00:00 2001
From: Johan DESMYTER Date: Tue, 1 Nov 2016 13:30:46 +0300 Subject: [PATCH 2/6] fix yml marker to yaml --- security/access_denied_handler.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index a84dd15f0ae..232bb096fce 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst @@ -58,7 +58,7 @@ You can use it to send a mail, log a message, or generally return a custom Respo Then you must register your service : -.. code-block:: yml +.. code-block:: yaml # app/config/services.yml services: From 4731340d29aec208e5e94d2d43ab8fd148764fca Mon Sep 17 00:00:00 2001 From: Johan DESMYTER Date: Tue, 1 Nov 2016 13:57:12 +0300 Subject: [PATCH 3/6] fix typo --- security/access_denied_handler.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index 232bb096fce..372e06ee393 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst @@ -65,4 +65,4 @@ Then you must register your service : custom_handler.service.id: class: AppBundle\Security\AccessDeniedHandler -That's it, now on the ``foo`` firewall, all ``AccessDeniedException`` will be notified to you service. +That's it, now on the ``foo`` firewall, all ``AccessDeniedException`` will be notified to your service. From e8b708b2bb4237d6704b24601587711cad34adb0 Mon Sep 17 00:00:00 2001 From: Johan DESMYTER Date: Thu, 3 Nov 2016 07:11:20 +0300 Subject: [PATCH 4/6] xabbuh review --- security/access_denied_handler.rst | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index 372e06ee393..3dd4d815ee5 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst 
@@ -4,7 +4,7 @@ How to Create a Custom Access Denied Handler ============================================ -When your application throw an ``AccessDeniedException`` you can catch this exception +When your application throws an ``AccessDeniedException``, you can catch this exception with a service to return a custom Response. On each firewall context you can define a custom access denied handler. @@ -19,6 +19,14 @@ On each firewall context you can define a custom access denied handler. # ... access_denied_handler: custom_handler.service.id + .. code-block:: xml + + + + custom_handler.service.id + + + .. code-block:: php // app/config/security.php @@ -32,20 +40,20 @@ On each firewall context you can define a custom access denied handler. )); -Your handler must implement the interface +Your handler must implement the :class:`Symfony\\Component\\Security\\Http\\Authorization\\AccessDeniedHandlerInterface`. -This interface define one method called ``handle()`` that can do whatever you want. -You can use it to send a mail, log a message, or generally return a custom Response. - +This interface defines one method called ``handle()`` that implements the logic you want +to execute when access is denied to the current user (send a mail, log a message, or +generally return a custom Response). .. code-block:: php namespace AppBundle\Security; - use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Exception\AccessDeniedException; + use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface; class AccessDeniedHandler implements AccessDeniedHandlerInterface { From 7922dc9a618ed65ba4b063390817b8581aacff95 Mon Sep 17 00:00:00 2001 
From: Javier Eguiluz Date: Mon, 21 Nov 2016 10:22:36 +0100 Subject: [PATCH 5/6] When talking about generic responses, don't spell it as Response (which is a Symfony class) --- security/access_denied_handler.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index 3dd4d815ee5..056a5c5f113 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst @@ -5,7 +5,7 @@ How to Create a Custom Access Denied Handler ============================================ When your application throws an ``AccessDeniedException``, you can catch this exception -with a service to return a custom Response. +with a service to return a custom response. On each firewall context you can define a custom access denied handler. @@ -44,7 +44,7 @@ Your handler must implement the :class:`Symfony\\Component\\Security\\Http\\Authorization\\AccessDeniedHandlerInterface`. This interface defines one method called ``handle()`` that implements the logic you want to execute when access is denied to the current user (send a mail, log a message, or -generally return a custom Response). +generally return a custom response). .. code-block:: php From b30ad2a4e5c60611c7b442135562d83cf23a328b Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 21 Nov 2016 10:29:27 +0100 Subject: [PATCH 6/6] Minor rewordings --- security/access_denied_handler.rst | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index 056a5c5f113..c7b63a67592 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst 
@@ -4,10 +4,10 @@ How to Create a Custom Access Denied Handler ============================================ -When your application throws an ``AccessDeniedException``, you can catch this exception +When your application throws an ``AccessDeniedException``, you can handle this exception with a service to return a custom response. -On each firewall context you can define a custom access denied handler. +Each firewall context can define its own custom access denied handler: .. configuration-block:: @@ -17,13 +17,13 @@ On each firewall context you can define a custom access denied handler. firewalls: foo: # ... - access_denied_handler: custom_handler.service.id + access_denied_handler: app.security.access_denied_handler .. code-block:: xml - custom_handler.service.id + app.security.access_denied_handler @@ -34,7 +34,7 @@ On each firewall context you can define a custom access denied handler. 'firewalls' => array( 'foo' => array( // ... - 'access_denied_handler' => 'custom_handler.service.id', + 'access_denied_handler' => 'app.security.access_denied_handler', ), ), )); @@ -42,8 +42,8 @@ On each firewall context you can define a custom access denied handler. Your handler must implement the :class:`Symfony\\Component\\Security\\Http\\Authorization\\AccessDeniedHandlerInterface`. -This interface defines one method called ``handle()`` that implements the logic you want -to execute when access is denied to the current user (send a mail, log a message, or +This interface defines one method called ``handle()`` that implements the logic to +execute when access is denied to the current user (send a mail, log a message, or generally return a custom response). .. code-block:: php 
@@ -59,18 +59,19 @@ generally return a custom response). { public function handle(Request $request, AccessDeniedException $accessDeniedException) { - // to some stuff... + // ... + return new Response($content, 403); } } -Then you must register your service : +Then, register the service for the access denied handler: .. code-block:: yaml # app/config/services.yml services: - custom_handler.service.id: + app.security.access_denied_handler: class: AppBundle\Security\AccessDeniedHandler -That's it, now on the ``foo`` firewall, all ``AccessDeniedException`` will be notified to your service. +That's it! Any ``AccessDeniedException`` thrown by the ``foo`` firewall will now be handled by your service.