Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c2e4d54

Browse files
wouterjwouterj
committed
Use auth trust resolver to determine anonymous in ContextListener
1 parent 83ebf97 commit c2e4d54

3 files changed

Lines changed: 16 additions & 3 deletions

File tree

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,8 @@
4141
<argument type="collection" />
4242
<argument /> <!-- Provider Key -->
4343
<argument type="service" id="logger" on-invalid="null" />
44-
<argument type="service" id="event_dispatcher" on-invalid="null"/>
44+
<argument type="service" id="event_dispatcher" on-invalid="null" />
45+
<argument type="service" id="security.authentication.trust_resolver" />
4546
</service>
4647

4748
<service id="security.logout_listener" class="Symfony\Component\Security\Http\Firewall\LogoutListener" public="false" abstract="true">

src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@
1515
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
1616
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1717
use Symfony\Component\HttpKernel\KernelEvents;
18+
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
19+
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
1820
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
1921
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
2022
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -39,8 +41,9 @@ class ContextListener implements ListenerInterface
3941
private $userProviders;
4042
private $dispatcher;
4143
private $registered;
44+
private $trustResolver;
4245

43-
public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
46+
public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
4447
{
4548
if (empty($contextKey)) {
4649
throw new \InvalidArgumentException('$contextKey must not be empty.');
@@ -58,6 +61,7 @@ public function __construct(TokenStorageInterface $tokenStorage, array $userProv
5861
$this->sessionKey = '_security_'.$contextKey;
5962
$this->logger = $logger;
6063
$this->dispatcher = $dispatcher;
64+
$this->trustResolver = $trustResolver ?: new AuthenticationTrustResolver('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken', 'Symfony\Component\Security\Core\Authentication\Token\RememberMeToken');
6165
}
6266

6367
/**
@@ -121,7 +125,7 @@ public function onKernelResponse(FilterResponseEvent $event)
121125
$request = $event->getRequest();
122126
$session = $request->getSession();
123127

124-
if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
128+
if ((null === $token = $this->tokenStorage->getToken()) || ($this->trustResolver->isAnonymous($token))) {
125129
if ($request->hasPreviousSession()) {
126130
$session->remove($this->sessionKey);
127131
}

src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1919
use Symfony\Component\HttpKernel\HttpKernelInterface;
2020
use Symfony\Component\HttpKernel\KernelEvents;
21+
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
2122
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
2223
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
2324
use Symfony\Component\Security\Http\Firewall\ContextListener;
@@ -85,6 +86,13 @@ public function testOnKernelResponseWillRemoveSession()
8586
$this->assertFalse($session->has('_security_session'));
8687
}
8788

89+
public function testOnKernelResponseWillRemoveSessionOnAnonymousToken()
90+
{
91+
$session = $this->runSessionOnKernelResponse(new AnonymousToken('secret', 'anon.'), 'C:10:"serialized"');
92+
93+
$this->assertFalse($session->has('_security_session'));
94+
}
95+
8896
public function testOnKernelResponseWithoutSession()
8997
{
9098
$tokenStorage = new TokenStorage();

0 commit comments

Comments
 (0)