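/**
 * Authenticates the current request from the session returned by
 * \Dev::getDiscuzSession().
 *
 * When the session carries a group id, a UserToken is built from the
 * session's 'uid' and passed to the authentication manager; the token it
 * returns is stored in the security context.
 *
 * @param GetResponseEvent $event Event for the request being handled.
 *
 * @throws AuthenticationException Rethrown when the authentication manager
 *                                 rejects the token.
 */
public function handle(GetResponseEvent $event)
{
    $sess = \Dev::getDiscuzSession();

    // Nothing to authenticate when the group id is missing or empty.
    // The earlier guard joined "!isset(...)" and "!value" with &&: a missing
    // key was then read anyway (undefined-index notice), and a key that was
    // present but empty did not stop the method, so a token was still built.
    // empty() covers both cases without touching an undefined index.
    if (empty($sess->var['groupid'])) {
        return;
    }

    // NOTE(review): 'uid' is taken from the session as-is and is not checked
    // here. Confirm the authentication provider rejects an empty or guest uid
    // instead of resolving it to an account.
    $token = new UserToken();
    $token->setUserId($sess->var['uid']);

    try {
        $authToken = $this->authenticationManager->authenticate($token);
        $this->securityContext->setToken($authToken);

        return;
    } catch (AuthenticationException $failed) {
        // A failed attempt is worth logging here (without the raw session data).
        //
        // Alternative to rethrowing: clear only this listener's own token from
        // the security context (never those set by other authentication
        // listeners) and return, which sends the user to the login page.
        throw $failed;
    }

    // Fail-closed fallback: respond 403 when authentication did not succeed.
    // NOTE(review): currently unreachable, because the try block returns and
    // the catch block rethrows. It only takes effect if the catch block is
    // changed to fall through; keep it so that such a change still denies.
    $response = new Response();
    $response->setStatusCode(Response::HTTP_FORBIDDEN);
    $event->setResponse($response);
}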