Merge pull request #10 from gfreeau/feature-configure-access

Added ability to throw exceptions for handling later and to disable the catch-all entry point
lexik · May 16, 2014 · 27fdd41 · 27fdd41
2 parents 99a8d44 + 5bd5f75
commit 27fdd41
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 9 deletions.
diff --git a/DependencyInjection/Security/Factory/JWTFactory.php b/DependencyInjection/Security/Factory/JWTFactory.php
@@ -27,10 +27,15 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 
         $listenerId = 'security.authentication.listener.jwt.' . $id;
         $container
-            ->setDefinition($listenerId, new DefinitionDecorator('lexik_jwt_authentication.security.authentication.listener'));
+            ->setDefinition($listenerId, new DefinitionDecorator('lexik_jwt_authentication.security.authentication.listener'))
+            ->replaceArgument(2, $config)
+        ;
 
-        // entry point
-        $entryPointId = $this->createEntryPoint($container, $id, $defaultEntryPoint);
+        $entryPointId = $defaultEntryPoint;
+
+        if ($config['create_entry_point']) {
+            $entryPointId = $this->createEntryPoint($container, $id, $defaultEntryPoint);
+        }
 
         if ($config['authorization_header']['enabled']) {
 
@@ -106,15 +111,25 @@ public function addConfiguration(NodeDefinition $node)
                         ->end()
                     ->end()
                 ->end()
+                ->booleanNode('throw_exceptions')
+                    ->defaultFalse()
+                ->end()
+                ->booleanNode('create_entry_point')
+                    ->defaultTrue()
+                ->end()
             ->end();
     }
 
+    /**
+     * Create an entry point, by default it sends a 401 header and ends the request
+     *
+     * @param $container
+     * @param $id
+     * @param $defaultEntryPoint
+     * @return string
+     */
     protected function createEntryPoint($container, $id, $defaultEntryPoint)
     {
-        if (null !== $defaultEntryPoint) {
-            return $defaultEntryPoint;
-        }
-
         $entryPointId = 'lexik_jwt_authentication.security.authentication.entry_point.'.$id;
         $container->setDefinition($entryPointId, new DefinitionDecorator('lexik_jwt_authentication.security.authentication.entry_point'));
 

diff --git a/README.md b/README.md
@@ -99,6 +99,8 @@ firewalls:
             query_parameter:      # check token in query string parameter
                 enabled: true
                 name:    bearer
+            throw_exceptions: false     # When an authentication failure occurs, return a 401 response immediately
+            create_entry_point: true    # When no authentication details are provided, create a default entry point that returns a 401 response
 
 access_control:
     - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

diff --git a/Resources/config/services.xml b/Resources/config/services.xml
@@ -41,6 +41,7 @@
         <service id="lexik_jwt_authentication.security.authentication.listener" class="%lexik_jwt_authentication.security.authentication.listener.class%" public="false">
             <argument type="service" id="security.context"/>
             <argument type="service" id="security.authentication.manager" />
+            <argument /> <!-- Options -->
         </service>
         <!-- Authorization Header Token Extractor -->
         <service id="lexik_jwt_authentication.extractor.authorization_header_extractor" class="%lexik_jwt_authentication.extractor.authorization_header_extractor.class%" public="false">

diff --git a/Security/Firewall/JWTListener.php b/Security/Firewall/JWTListener.php
@@ -29,6 +29,8 @@ class JWTListener implements ListenerInterface
      */
     protected $authenticationManager;
 
+    protected $config;
+
     /**
      * @var array
      */
@@ -37,11 +39,16 @@ class JWTListener implements ListenerInterface
     /**
      * @param SecurityContextInterface       $securityContext
      * @param AuthenticationManagerInterface $authenticationManager
+     * @param array                          $config
      */
-    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager)
+    public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, array $config = array())
     {
         $this->securityContext       = $securityContext;
         $this->authenticationManager = $authenticationManager;
+        $this->config                = array_merge(
+            array('throw_exceptions' => false),
+            $config
+        );
         $this->tokenExtractors       = array();
     }
 
@@ -65,11 +72,13 @@ public function handle(GetResponseEvent $event)
             return;
 
         } catch (AuthenticationException $failed) {
+            if ($this->config['throw_exceptions']) {
+                throw $failed;
+            }
 
             $response = new Response();
             $response->setStatusCode(401);
             $event->setResponse($response);
-
         }
     }