/**
 * Enforces the access rules that apply to the current request.
 *
 * Flow, in order:
 *  1. A token must be present in the token storage; otherwise the request is rejected.
 *  2. The access map is asked for the attributes required by this request.
 *     When it yields none (null), this listener returns without making any
 *     access decision, so such requests are not restricted by this method.
 *  3. A token that does not report itself as authenticated is passed through
 *     the authentication manager and the result is written back to storage.
 *  4. The access decision manager is consulted; a falsy answer is a denial.
 *
 * @param GetResponseEvent $event A GetResponseEvent instance
 *
 * @throws AccessDeniedException                      when the decision manager does not grant access
 * @throws AuthenticationCredentialsNotFoundException when the token storage holds no token
 */
public function handle(GetResponseEvent $event)
{
    $currentToken = $this->tokenStorage->getToken();
    if (null === $currentToken) {
        throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
    }

    $request = $event->getRequest();

    // Only the first element of the map's answer is used here.
    list($attributes) = $this->map->getPatterns($request);

    // No rule for this request: nothing is enforced by this listener.
    if (null === $attributes) {
        return;
    }

    // Re-authenticate before deciding, so the decision is made on the
    // token returned by the authentication manager, not the stale one.
    if (!$currentToken->isAuthenticated()) {
        $currentToken = $this->authManager->authenticate($currentToken);
        $this->tokenStorage->setToken($currentToken);
    }

    $granted = $this->accessDecisionManager->decide($currentToken, $attributes, $request);
    if ($granted) {
        return;
    }

    // Attach the required attributes and the request to the denial so
    // whatever handles the exception can see what was refused.
    $denied = new AccessDeniedException();
    $denied->setAttributes($attributes);
    $denied->setSubject($request);

    throw $denied;
}
/**
 * Attempts to switch to another user (impersonation).
 *
 * The current token must be granted `$this->role` before the target user is
 * looked up. The target username is taken from the request parameter named
 * by `$this->usernameParameter`, i.e. it is request-supplied input.
 *
 * The token built here carries the target user's roles plus a SwitchUserRole
 * ('ROLE_PREVIOUS_ADMIN') wrapping the token currently held in storage. This
 * method only returns the new token; it does not store it.
 *
 * Every path visible in this method either returns a token or throws.
 *
 * @param Request $request A Request instance
 *
 * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
 *
 * @throws \LogicException       when already switched and a different username is requested
 * @throws AccessDeniedException when the current token is not granted the switch role
 */
private function attemptSwitchUser(Request $request)
{
    $currentToken = $this->tokenStorage->getToken();

    // Anything other than false from getOriginalToken() is treated as
    // "a switch is already in effect".
    if (false !== $this->getOriginalToken($currentToken)) {
        // Asking for the user already being impersonated is a no-op;
        // switching to a different user from a switched session is refused.
        if ($currentToken->getUsername() !== $request->get($this->usernameParameter)) {
            throw new \LogicException(sprintf('You are already switched to "%s" user.', $currentToken->getUsername()));
        }

        return $currentToken;
    }

    // Authorization is checked before the target user is loaded.
    // NOTE(review): the comparison is strict, so only a literal false denies;
    // this relies on decide() always returning a boolean - confirm.
    if (false === $this->accessDecisionManager->decide($currentToken, array($this->role))) {
        $denied = new AccessDeniedException();
        $denied->setAttributes($this->role);

        throw $denied;
    }

    $username = $request->get($this->usernameParameter);

    // The logged username is the raw request value.
    // NOTE(review): confirm the log handler encodes context values.
    if (null !== $this->logger) {
        $this->logger->info('Attempting to switch to user.', array('username' => $username));
    }

    // Exceptions raised by the user provider or the user checker are not
    // caught here and propagate to the caller.
    $user = $this->provider->loadUserByUsername($username);
    $this->userChecker->checkPostAuth($user);

    // Keep the token currently in storage reachable from the new token.
    $roles = $user->getRoles();
    $roles[] = new SwitchUserRole('ROLE_PREVIOUS_ADMIN', $this->tokenStorage->getToken());

    $switchedToken = new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey, $roles);

    if (null !== $this->dispatcher) {
        $event = new SwitchUserEvent($request, $switchedToken->getUser());
        $this->dispatcher->dispatch(SecurityEvents::SWITCH_USER, $event);
    }

    return $switchedToken;
}