/**
 * Creates the "insufficient_scope" error.
 *
 * The exception code doubles as the HTTP status code reported to the
 * client (default 403), so callers passing a custom $code should keep it
 * a valid HTTP status. When $message is empty (in the empty() sense, so
 * '0' counts as empty too) the message key from getMessageKey() is used.
 *
 * @param string         $message   human readable error text; empty means "use the default key"
 * @param integer        $code      exception code, also stored as the HTTP status code
 * @param Exception|null $previous  wrapped cause, if any
 * @param array          $scopes    scopes the caller would have needed (stored verbatim)
 * @param string         $realmName realm reported alongside the error
 */
public function __construct($message = '', $code = 403, Exception $previous = null, $scopes = [], $realmName = 'API')
{
    $text = empty($message) ? $this->getMessageKey() : $message;
    parent::__construct($text, $code, $previous);

    // Fixed OAuth error identifier for this exception type.
    $this->errorCode = 'insufficient_scope';
    $this->statusCode = $code;
    $this->realmName = $realmName;
    $this->scopes = $scopes;
}
/**
 * Turns an AccessDeniedException into the response the client should see.
 *
 * The baseline outcome is an AccessDeniedHttpException (403) wrapping the
 * original denial. Note that the original message is copied into the HTTP
 * exception, so AccessDeniedException messages should not carry sensitive
 * detail. For users who are not fully authenticated (anonymous or
 * remember-me, as judged by the trust resolver) the authentication entry
 * point is started instead, so they get a chance to log in. Fully
 * authenticated users get the configured access denied handler or the
 * configured error page when one of them exists; otherwise the 403 stands.
 *
 * @param GetResponseForExceptionEvent $event
 * @param AccessDeniedException        $exception
 */
private function handleAccessDeniedException(GetResponseForExceptionEvent $event, AccessDeniedException $exception)
{
    $request = $event->getRequest();
    $logger = $this->logger;

    // Baseline: a 403 carrying the original denial as its "previous".
    $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));

    $token = $this->context->getToken();
    $fullyAuthenticated = $this->authenticationTrustResolver->isFullFledged($token);

    if (!$fullyAuthenticated) {
        if ($logger !== null) {
            $logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
        }

        try {
            $needsFullAuth = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
            $needsFullAuth->setToken($token);
            $event->setResponse($this->startAuthentication($request, $needsFullAuth));
        } catch (\Exception $failure) {
            // Entry point failed: surface that failure instead of the 403.
            $event->setException($failure);
        }

        return;
    }

    if ($logger !== null) {
        $logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
    }

    try {
        if ($this->accessDeniedHandler !== null) {
            // A handler may decline by returning a non-Response; the 403 then stands.
            $handled = $this->accessDeniedHandler->handle($request, $exception);
            if ($handled instanceof Response) {
                $event->setResponse($handled);
            }
        } elseif ($this->errorPage !== null) {
            $errorRequest = $this->httpUtils->createRequest($request, $this->errorPage);
            $errorRequest->attributes->set(Security::ACCESS_DENIED_ERROR, $exception);
            $event->setResponse($event->getKernel()->handle($errorRequest, HttpKernelInterface::SUB_REQUEST, true));
        }
    } catch (\Exception $failure) {
        if ($logger !== null) {
            $logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($failure), $failure->getMessage()));
        }
        $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $failure));
    }
}
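/**
 * Handles security related exceptions.
 *
 * Looks for a security exception anywhere in the exception's "previous"
 * chain and reacts to it:
 *  - AuthenticationException: starts the authentication entry point;
 *  - AccessDeniedException: 403 by default; the entry point for users who
 *    are not fully authenticated; the access denied handler or error page
 *    for fully authenticated users when one is configured;
 *  - LogoutException: wrapped in an AccessDeniedHttpException (403).
 * Anything else is left to the default exception handling.
 *
 * @param GetResponseForExceptionEvent $event An GetResponseForExceptionEvent instance
 */
public function onKernelException(GetResponseForExceptionEvent $event)
{
    // we need to remove ourselves as the exception listener can be
    // different depending on the Request
    $event->getDispatcher()->removeListener(KernelEvents::EXCEPTION, array($this, 'onKernelException'));

    $request = $event->getRequest();

    // Determine the actual cause for the exception: the deepest security
    // exception in the "previous" chain. Walking blindly to the innermost
    // exception would discard a security exception that merely wraps a
    // lower-level failure (say an AuthenticationException whose previous is
    // a backend error) and let the request fall through to the generic
    // error handling instead of the authentication entry point.
    $exception = null;
    for ($candidate = $event->getException(); null !== $candidate; $candidate = $candidate->getPrevious()) {
        if ($candidate instanceof AuthenticationException
            || $candidate instanceof AccessDeniedException
            || $candidate instanceof LogoutException) {
            $exception = $candidate;
        }
    }

    if (null === $exception) {
        // Not a security exception at any level: nothing for this listener to do.
        return;
    }

    if ($exception instanceof AuthenticationException) {
        if (null !== $this->logger) {
            $this->logger->info(sprintf('Authentication exception occurred; redirecting to authentication entry point (%s)', $exception->getMessage()));
        }

        try {
            $response = $this->startAuthentication($request, $exception);
        } catch (\Exception $e) {
            // Entry point failed: surface that failure instead.
            $event->setException($e);

            return;
        }
    } elseif ($exception instanceof AccessDeniedException) {
        // Baseline outcome is a 403 wrapping the original denial. The original
        // message is copied into the HTTP exception, so keep AccessDeniedException
        // messages free of sensitive detail.
        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));

        $token = $this->context->getToken();
        if (!$this->authenticationTrustResolver->isFullFledged($token)) {
            // Anonymous or remember-me user: give them the chance to log in
            // fully rather than showing a 403 they could resolve that way.
            if (null !== $this->logger) {
                $this->logger->debug(sprintf('Access is denied (user is not fully authenticated) by "%s" at line %s; redirecting to authentication entry point', $exception->getFile(), $exception->getLine()));
            }

            try {
                $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
                $insufficientAuthenticationException->setToken($token);

                $response = $this->startAuthentication($request, $insufficientAuthenticationException);
            } catch (\Exception $e) {
                $event->setException($e);

                return;
            }
        } else {
            if (null !== $this->logger) {
                $this->logger->debug(sprintf('Access is denied (and user is neither anonymous, nor remember-me) by "%s" at line %s', $exception->getFile(), $exception->getLine()));
            }

            try {
                if (null !== $this->accessDeniedHandler) {
                    $response = $this->accessDeniedHandler->handle($request, $exception);

                    if (!$response instanceof Response) {
                        // Handler declined to answer: the 403 set above stands.
                        return;
                    }
                } elseif (null !== $this->errorPage) {
                    $subRequest = $this->httpUtils->createRequest($request, $this->errorPage);
                    $subRequest->attributes->set(SecurityContextInterface::ACCESS_DENIED_ERROR, $exception);

                    $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
                } else {
                    // Neither a handler nor an error page: the 403 set above stands.
                    return;
                }
            } catch (\Exception $e) {
                if (null !== $this->logger) {
                    $this->logger->error(sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage()));
                }

                $event->setException(new \RuntimeException('Exception thrown when handling an exception.', 0, $e));

                return;
            }
        }
    } else {
        // LogoutException (e.g. a rejected logout request). The log line has
        // always announced the wrap; now the 403 is actually set so the client
        // gets an access-denied answer rather than a generic server error.
        if (null !== $this->logger) {
            $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
        }

        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));

        return;
    }

    $event->setResponse($response);
}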