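public function redirectToLogin() {
    // Hands the current request to the first authentication entry point that can
    // forward it, then aborts the running action with a StopActionException.
    // If no active token offers such an entry point, an
    // AuthenticationRequiredException (code 1317309673) is thrown instead.
    //
    // This description is kept inside the body on purpose: a docblock for this
    // method may sit above the signature, outside the part of the file seen here.
    foreach ($this->securityContext->getAuthenticationTokens() as $token) {
        if (!is_object($token)) {
            continue;
        }

        $entryPoint = $token->getAuthenticationEntryPoint();
        if ($entryPoint === NULL || !$entryPoint->canForward($this->request)) {
            continue;
        }

        if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
            $options = $entryPoint->getOptions();
            if (isset($options['uri'])) {
                // A configured URI may already carry a query string; a second "?"
                // would fold _redirect into the value of the last parameter.
                $separator = (strpos($options['uri'], '?') === FALSE) ? '?' : '&';
                // urlencode() keeps the original request URI a single parameter
                // value, so it cannot add parameters of its own or break the log line.
                // NOTE(review): the code that reads _redirect after login is not
                // visible here; it should only accept same-site targets. Confirm.
                $options['uri'] .= $separator . '_redirect=' . urlencode($this->request->getRequestUri());
                $entryPoint->setOptions($options);
            }
            // With no uri configured the options are left untouched, so the entry
            // point sees the missing setting itself rather than a bare "?_redirect=...".
            // The logged URI embeds the value returned by getRequestUri().
            $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
        } else {
            $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
        }

        // Authentication is always started on the root request, also when the
        // current request is a sub request.
        $rootRequest = $this->request;
        if ($this->request instanceof \TYPO3\FLOW3\MVC\Web\SubRequest) {
            $rootRequest = $this->request->getRootRequest();
        }

        $this->securityContext->setInterceptedRequest($rootRequest);
        $entryPoint->startAuthentication($rootRequest, $this->response);
        throw new \TYPO3\FLOW3\MVC\Exception\StopActionException();
    }

    // Reaching this point means no entry point was usable: the loop leaves via
    // StopActionException as soon as one is found.
    $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
    throw new \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', 1317309673);
}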
/**
 * Writes a failed access decision to the security log and passes the exception on.
 *
 * Runs after decideOnJoinPoint() has thrown. The exception message is extended with
 * the class and method name of the join point that was being decided on, logged at
 * info level, and the very same exception is thrown again so that callers still
 * see the denial.
 *
 * @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
 *
 * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
 * @throws \Exception
 * @return void
 */
public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint) {
    $thrown = $joinPoint->getException();
    // The "joinPoint" argument of decideOnJoinPoint() is the join point under decision.
    $decidedJoinPoint = $joinPoint->getMethodArgument('joinPoint');

    $reason = $thrown->getMessage();
    $target = $decidedJoinPoint->getClassName() . '::' . $decidedJoinPoint->getMethodName() . '().';
    $this->securityLogger->log($reason . ' to method ' . $target, \LOG_INFO);

    // Logging must not swallow the decision.
    throw $thrown;
}
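/**
 * Advices the dispatch method so that illegal action requests are blocked before
 * invoking any controller.
 *
 * The "request" referred to within this method is an ActionRequest or some other
 * dispatchable request implementing RequestInterface. Note that we don't deal
 * with HTTP requests here.
 *
 * Requests that are not ActionRequests pass through unchecked. For ActionRequests
 * the firewall runs first. If authentication is required, the entry point of each
 * authentication token is started; if access is denied, a 403 response is written.
 * In both of those cases the advice chain result is not returned.
 *
 * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
 * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
 * @return mixed Result of the advice chain
 * @throws \TYPO3\FLOW3\Security\Exception\AccessDeniedException
 * @throws \TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException
 */
public function blockIllegalRequestsAndForwardToAuthenticationEntryPoints(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint) {
    $request = $joinPoint->getMethodArgument('request');
    if (!$request instanceof ActionRequest) {
        return $joinPoint->getAdviceChain()->proceed($joinPoint);
    }

    try {
        $this->firewall->blockIllegalRequests($request);
        return $joinPoint->getAdviceChain()->proceed($joinPoint);
    } catch (\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException $exception) {
        $response = $joinPoint->getMethodArgument('response');

        $entryPointFound = FALSE;
        // NOTE(review): the loop does not stop at the first match, so every token
        // that has an entry point gets startAuthentication() called. Confirm that
        // this is intended when several tokens are active.
        foreach ($this->securityContext->getAuthenticationTokens() as $token) {
            $entryPoint = $token->getAuthenticationEntryPoint();

            if ($entryPoint !== NULL) {
                $entryPointFound = TRUE;
                if ($entryPoint instanceof \TYPO3\FLOW3\Security\Authentication\EntryPoint\WebRedirect) {
                    $options = $entryPoint->getOptions();
                    $this->securityLogger->log('Redirecting to authentication entry point with URI ' . (isset($options['uri']) ? $options['uri'] : '- undefined -'), LOG_INFO);
                } else {
                    $this->securityLogger->log('Starting authentication with entry point of type ' . get_class($entryPoint), LOG_INFO);
                }
                // The main request is stored as the intercepted request, while
                // authentication itself is started on the HTTP request.
                $this->securityContext->setInterceptedRequest($request->getMainRequest());
                $entryPoint->startAuthentication($request->getHttpRequest(), $response);
            }
        }
        if ($entryPointFound === FALSE) {
            $this->securityLogger->log('No authentication entry point found for active tokens, therefore cannot authenticate or redirect to authentication automatically.', LOG_NOTICE);
            throw $exception;
        }
    } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
        $this->securityLogger->log('Access denied', LOG_WARNING);
        $response = $joinPoint->getMethodArgument('response');
        $response->setStatus(403);
        // The exception message is written into an HTML body, so it is escaped first.
        // Text raised deeper in the stack is not guaranteed to be free of markup or
        // of request-derived values.
        // NOTE(review): the message still reaches the client verbatim. Check that
        // AccessDeniedException messages reveal no internal policy details.
        $response->setContent('<h1>403 Forbidden</h1><p>' . htmlspecialchars($exception->getMessage(), ENT_QUOTES, 'UTF-8'));
    }
}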