[Security] made sure that we always replace the security access denied exception to an HTTP one

fabpot · fabpot · commit 46071f3238f0 · 2012-07-13T11:36:57.000+02:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -97,6 +97,8 @@ public function onKernelException(GetResponseForExceptionEvent $event)
                 return;
             }
         } elseif ($exception instanceof AccessDeniedException) {
+            $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
             $token = $this->context->getToken();
             if (!$this->authenticationTrustResolver->isFullFledged($token)) {
                 if (null !== $this->logger) {
@@ -129,8 +131,6 @@ public function onKernelException(GetResponseForExceptionEvent $event)
                         $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
                         $response->setStatusCode(403);
                     } else {
-                        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
                         return;
                     }
                 } catch (\Exception $e) {
@@ -148,8 +148,6 @@ public function onKernelException(GetResponseForExceptionEvent $event)
                 $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
             }
 
-            $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
             return;
         } else {
             return;
