public function redirectToLogin()
{
$entryPointFound = FALSE;
foreach ($this->securityContext->getAuthenticationTokens() as $token) {
if (!is_object($token)) {
continue;
}
$entryPoint = $token->getAuthenticationEntryPoint();
if ($entryPoint !== NULL && $entryPoint->canForward($this->request)) {
$entryPointFound = TRUE;
if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
$options = $entryPoint->getOptions();
$options['uri'] = $options['uri'] . "?_redirect=" . urlencode($this->request->getRequestUri());
$entryPoint->setOptions($options);
$this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
} else {
$this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
}
$rootRequest = $this->request;
if ($this->request instanceof \TYPO3\FLOW3\MVC\Web\SubRequest) {
$rootRequest = $this->request->getRootRequest();
}
$this->securityContext->setInterceptedRequest($rootRequest);
$entryPoint->startAuthentication($rootRequest, $this->response);
throw new \TYPO3\FLOW3\MVC\Exception\StopActionException();
}
}
if ($entryPointFound === FALSE) {
$this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', 1317309673);
}
}
/**
* Logs calls and results of decideOnJoinPoint()
*
* @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
*
* @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
* @throws \Exception
* @return void
*/
public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
{
$exception = $joinPoint->getException();
$subjectJoinPoint = $joinPoint->getMethodArgument('joinPoint');
$message = $exception->getMessage() . ' to method ' . $subjectJoinPoint->getClassName() . '::' . $subjectJoinPoint->getMethodName() . '().';
$this->securityLogger->log($message, \LOG_INFO);
throw $exception;
}
/**
* Advices the dispatch method so that illegal action requests are blocked before
* invoking any controller.
*
* The "request" referred to within this method is an ActionRequest or some other
* dispatchable request implementing RequestInterface. Note that we don't deal
* with HTTP requests here.
*
* @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
* @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
* @return mixed Result of the advice chain
* @throws \TYPO3\FLOW3\Security\Exception\AccessDeniedException
* @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
*/
public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
{
$request = $joinPoint->getMethodArgument('request');
if (!$request instanceof ActionRequest) {
return $joinPoint->getAdviceChain()->proceed($joinPoint);
}
try {
$this->firewall->blockIllegalRequests($request);
return $joinPoint->getAdviceChain()->proceed($joinPoint);
} catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
$response = $joinPoint->getMethodArgument('response');
$entryPointFound = FALSE;
foreach ($this->securityContext->getAuthenticationTokens() as $token) {
$entryPoint = $token->getAuthenticationEntryPoint();
if ($entryPoint !== NULL) {
$entryPointFound = TRUE;
if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
$options = $entryPoint->getOptions();
$this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
} else {
$this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
}
$this->securityContext->setInterceptedRequest($request->getMainRequest());
$entryPoint->startAuthentication($request->getHttpRequest(), $response);
}
}
if ($entryPointFound === FALSE) {
$this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
throw $exception;
}
} catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
$this->securityLogger->log('Access denied', LOG_WARNING);
$response = $joinPoint->getMethodArgument('response');
$response->setStatus(403);
$response->setContent('<h1>403 Forbidden</h1><p>' . $exception->getMessage());
}
}