/** * Respond with a challenge on access denied exceptions if appropriate. * * On a 403 (access denied), if there are no credentials on the request, some * authentication methods (e.g. basic auth) require that a challenge is sent * to the client. * * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event * The exception event. */ public function onExceptionSendChallenge(GetResponseForExceptionEvent $event) { if (isset($this->challengeProvider) && $event->getRequestType() === HttpKernelInterface::MASTER_REQUEST) { $request = $event->getRequest(); $exception = $event->getException(); if ($exception instanceof AccessDeniedHttpException && !$this->authenticationProvider->applies($request) && (!isset($this->filter) || $this->filter->appliesToRoutedRequest($request, FALSE))) { $challenge_exception = $this->challengeProvider->challengeException($request, $exception); if ($challenge_exception) { $event->setException($challenge_exception); } } } }
/** * Pass exception handling to authentication manager. * * @param GetResponseForExceptionEvent $event */ public function onException(GetResponseForExceptionEvent $event) { if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) { $this->authenticationProvider->handleException($event); } }