Symfony 3 - 在我的服务参数中添加 security.authorization_checker 会导致重定向过多

Question

I try to create custom listener in my Symfony 3 app.

I want to check if user is IS_AUTHENTICATED_FULLY or not.

When I add @security.authorization_checker service as arg to mine I get "too many redirect error" to my login route

Does anyone have a working solution in Symfony 3?

security.yml:

security:
    providers:
        main:
            entity:
                class: Customer\CustomerBundle\Entity\utilisateur
                property: loginUtil
encoders:
    Customer\CustomerBundle\Entity\utilisateur:
    algorithm: sha1
    encode_as_base64: false
    iterations: 1

firewalls:
    dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false

    Customer_firewall:
        pattern: ^/
        anonymous: true
        provider: main            

        form_login:
            login_path: /login
            check_path: /login_check

        logout:
            path: /logout
            target: Customer_standard_homepage

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/profile, roles: ROLE_USER }

role_hierarchy:
    ROLE_ADMIN : [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

Services.yml

services:
login_listener:
    class: 'Customer\CustomerBundle\Listener\LoginListener'
    arguments: ['@security.authorization_checker', '@doctrine']
    tags:
        - { name: 'kernel.event_listener', event: 'security.authentication.success', method: onSecurityAuthentication }

LoginListener.php

<?php
namespace Customer\CustomerBundle\Listener;

use Symfony\Component\Security\Core\Event\AuthenticationEvent;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;

/**
 * Custom login listener.
 */

class LoginListener
{
  private $authorizationChecker;
  private $em;

  public function __construct(AuthorizationChecker $authorizationChecker, Doctrine $doctrine)
  {
    $this->authorizationChecker = $authorizationChecker;
    $this->em                   = $doctrine->getEntityManager();
  }

  /**
   * Do the magic.
   * 
   * @param InteractiveLoginEvent $event
   */
  public function onSecurityAuthentication(AuthenticationEvent $event)
  {
    if ($this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
      // user has just logged in
      error_log('here');
    }

    if ($this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
      // user has logged in using remember_me cookie
      error_log('there');
    }

    // do some other magic here
    $user = $event->getAuthenticationToken()->getUser();
    error_log('FINALLY HERE');

    // ...
  }
}

Answer 1

You can use the access decission manager like this:

use Symfony\Bridge\Doctrine\RegistryInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Event\AuthenticationEvent;

class LoginListener
{
    private $accessDecisionManager;
    private $doctrine;

    public function __construct(AccessDecisionManagerInterface $accessDecisionManager, RegistryInterface $doctrine)
    {
        $this->accessDecisionManager = $accessDecisionManager;
        $this->doctrine              = $doctrine;
    }

    /**
     * Do the magic.
     *
     * @param AuthenticationEvent  $event
     */
    public function onSecurityAuthentication(AuthenticationEvent $event)
    {
        $em = $this->doctrine->getEntityManager();
        if ($this->accessDecisionManager->decide($event->getAuthenticationToken(), ['IS_AUTHENTICATED_FULLY'])) {
            error_log('here');
        }

        if ($this->accessDecisionManager->decide($event->getAuthenticationToken(), ['IS_AUTHENTICATED_REMEMBERED'])) {
            // user has logged in using remember_me cookie
            error_log('there');
        }

        // do some other magic here
        $user = $event->getAuthenticationToken()->getUser();
        error_log('FINALLY HERE');

        // ...
    }
}

And the service definition has to be changed to this:

login_listener:
    class: 'Customer\CustomerBundle\Listener\LoginListener'
    arguments: ['@security.access.decision_manager', '@doctrine']
    tags:
        - { name: 'kernel.event_listener', event: 'security.authentication.success', method: onSecurityAuthentication }

I also changed the constructor a bit, in general when using dependency injection it is good practice to reference an interface if possible. Also the constructor should not do too much stuff (I removed the call to getEntityManger() and moved id into the listener).