/** * @return void */ public function process(Event\Type\System\SecurityPolicyApplication $secAppEvent) { // check whether user is authenticated if ($secAppEvent->isAuthRequired() && !$this->authService->isAuthenticated()) { AuthRequired::create('Authentication required')->_throw(); } // check X-Csrf-Token header field if necessary if ($secAppEvent->isCsrfTokenRequired()) { $this->csrfTokenRequired = true; $this->checkCsrfToken(); } }