Esempio n. 1
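 /**
  * Starts authentication through the first usable entry point of the active tokens.
  *
  * Walks the authentication tokens of the security context, skips entries that
  * are not objects, and picks the first entry point that reports it can forward
  * the current request. For a WebRedirect entry point the originally requested
  * URI is appended to the configured target as the "_redirect" query parameter.
  * The root request is stored as the intercepted request before authentication
  * is started.
  *
  * NOTE(review): the code that later consumes "_redirect" is not visible here.
  * It should only accept same-site targets before redirecting, otherwise the
  * parameter can be abused as an open redirect - confirm at the consumer.
  *
  * @return void
  * @throws \TYPO3\FLOW3\MVC\Exception\StopActionException once authentication has been started
  * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException if no usable entry point exists
  */
 public function redirectToLogin()
 {
     $entryPointFound = FALSE;
     foreach ($this->securityContext->getAuthenticationTokens() as $token) {
         if (!is_object($token)) {
             continue;
         }
         $entryPoint = $token->getAuthenticationEntryPoint();
         if ($entryPoint !== NULL && $entryPoint->canForward($this->request)) {
             $entryPointFound = TRUE;
             if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
                 $options = $entryPoint->getOptions();
                 // Only extend a URI that is actually configured. Appending to a missing
                 // option would create a bare "?_redirect=..." target and hide the
                 // misconfiguration that the "- undefined -" log text below reports.
                 if (isset($options['uri'])) {
                     // Use "&" when the configured URI already carries a query string,
                     // so that the result has a single "?".
                     $separator = (strpos($options['uri'], '?') === FALSE) ? '?' : '&';
                     // urlencode() keeps the requested URI inside one parameter value
                     // and neutralises CR/LF before the URI reaches the log below.
                     $options['uri'] = $options['uri'] . $separator . '_redirect=' . urlencode($this->request->getRequestUri());
                     $entryPoint->setOptions($options);
                 }
                 // NOTE(review): the logged URI now embeds the requested URI including
                 // its query string - confirm that no secrets travel in query strings.
                 $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
             } else {
                 $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
             }
             // Sub requests are resolved to their root request; the root request is
             // what gets stored as intercepted and handed to the entry point.
             $rootRequest = $this->request;
             if ($this->request instanceof \TYPO3\FLOW3\MVC\Web\SubRequest) {
                 $rootRequest = $this->request->getRootRequest();
             }
             $this->securityContext->setInterceptedRequest($rootRequest);
             $entryPoint->startAuthentication($rootRequest, $this->response);
             // Stop processing of the current action; the entry point has taken over.
             throw new \TYPO3\FLOW3\MVC\Exception\StopActionException();
         }
     }
     // Reached only when no token offered an entry point able to forward the request.
     if ($entryPointFound === FALSE) {
         $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
         throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', 1317309673);
     }
 }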
Esempio n. 2
 /**
  * Logs exceptions thrown by decideOnJoinPoint() and rethrows them.
  *
  * The advice runs only after the advised method has thrown. The log entry
  * combines the exception message with the class and method name of the join
  * point that was passed to decideOnJoinPoint().
  *
  * @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @throws \Exception
  * @return void
  */
 public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $thrown = $joinPoint->getException();
     // The "joinPoint" argument of the advised call is the join point the decision was made for.
     $decidedJoinPoint = $joinPoint->getMethodArgument('joinPoint');

     $reason = $thrown->getMessage();
     $target = $decidedJoinPoint->getClassName() . '::' . $decidedJoinPoint->getMethodName() . '().';

     $this->securityLogger->log($reason . ' to method ' . $target, \LOG_INFO);

     // Logging must not swallow the decision: hand the same exception back to the caller.
     throw $thrown;
 }
Esempio n. 3
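 /**
  * Advises the dispatch method so that illegal action requests are blocked before
  * invoking any controller.
  *
  * The "request" referred to within this method is an ActionRequest or some other
  * dispatchable request implementing RequestInterface. Note that we don't deal
  * with HTTP requests here.
  *
  * Requests that are not an ActionRequest skip the firewall check and go straight
  * to the advice chain. If authentication is required, the entry point of every
  * active token that has one is started. If access is denied, a 403 response is
  * written. Nothing is returned in either of these two handled cases.
  *
  * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  * @throws \TYPO3\FLOW3\Security\Exception\AccessDeniedException
  * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
  */
 public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $request = $joinPoint->getMethodArgument('request');
     // Only action requests are checked by the firewall; anything else is dispatched unchanged.
     if (!$request instanceof ActionRequest) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
     try {
         $this->firewall->blockIllegalRequests($request);
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     } catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
         $response = $joinPoint->getMethodArgument('response');
         $entryPointFound = FALSE;
         // NOTE(review): every token with an entry point gets startAuthentication()
         // called on the same response, without stopping at the first one - confirm
         // that a later entry point overriding an earlier one is intended.
         foreach ($this->securityContext->getAuthenticationTokens() as $token) {
             $entryPoint = $token->getAuthenticationEntryPoint();
             if ($entryPoint !== NULL) {
                 $entryPointFound = TRUE;
                 if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
                     $options = $entryPoint->getOptions();
                     $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
                 } else {
                     $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
                 }
                 // Store the main request as the intercepted request before authentication starts.
                 $this->securityContext->setInterceptedRequest($request->getMainRequest());
                 $entryPoint->startAuthentication($request->getHttpRequest(), $response);
             }
         }
         // Without any entry point the caller has to deal with the missing authentication.
         if ($entryPointFound === FALSE) {
             $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
             throw $exception;
         }
     } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
         $this->securityLogger->log('Access denied', LOG_WARNING);
         $response = $joinPoint->getMethodArgument('response');
         $response->setStatus(403);
         // The exception message ends up in an HTML body, so it is encoded first:
         // if any part of it derives from the request, raw output would allow
         // markup injection. The paragraph is also closed properly.
         // NOTE(review): the message is not written to the log, only to the client -
         // confirm it never carries internal detail that should stay server-side.
         $response->setContent('<h1>403 Forbidden</h1><p>' . htmlspecialchars($exception->getMessage(), ENT_QUOTES, 'UTF-8') . '</p>');
     }
 }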