[#34] Implement authentication failure listener

The primary purpose of impementing an authentication failure listener is to handle the case when a user is not available via a user provider or if a user provider is not specified at all. Without the listener, if the user does not exist in the provider's data store, or if there is no provider configured at all, then when a user successfully authenticates their browser will be entered into a redirection loop. With the listener, an error page is displayed that indicates that the user does not exist.
BeSimple · Jun 29, 2013 · 30b81d3 · 30b81d3
1 parent f5b10a7
commit 30b81d3
Show file tree

Hide file tree

Showing 3 changed files with 125 additions and 75 deletions.
diff --git a/Resources/config/security_listeners.xml b/Resources/config/security_listeners.xml
@@ -10,6 +10,8 @@
         <parameter key="security.authentication.listener.trusted_sso.class">BeSimple\SsoAuthBundle\Security\Http\Firewall\TrustedSsoAuthenticationListener</parameter>
         <parameter key="security.logout.handler.sso.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutHandler</parameter>
         <parameter key="security.logout.sso_success_handler.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutSuccessHandler</parameter>
+        <parameter key="security.authentication.sso_authentication_failure_handler.class">BeSimple\SsoAuthBundle\Security\Http\Authentication\SsoAuthenticationFailureHandler</parameter>
+        <parameter key="security.authentication.hide_user_not_found">FALSE</parameter>
     </parameters>
 
     <services>
@@ -41,5 +43,9 @@
                 <argument type="service" id="be_simple.sso_auth.factory" />
             </call>
         </service>
+
+        <service id="security.authentication.sso.authentication_failure_handler" class="%security.authentication.sso_authentication_failure_handler.class%" abstract="false">
+            <argument type="service" id="templating" />
+        </service>
     </services>
 </container>
diff --git a/Resources/doc/example.md b/Resources/doc/example.md
@@ -1,75 +1,75 @@
-Authentication through SSO CAS Server with Symfony2
-===================================================
-
-- use the Bundle : BeSimpleSsoAuthBundle (instal with Composer)
-- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??)
-
-
-Configure SSO
--------------
-
-In config.yml:
-
-        be_simple_sso_auth:
-            admin_sso:
-                protocol:
-                    id: cas
-                    version: 2
-                server:
-                    id: cas
-                    login_url: https://cas.server.tld/login
-                    logout_url: https://cas.server.tld/logout
-                    validation_url: https://cas.server.tld/serviceValidate
-
-
-
-Create a firewall
------------------
-
-In security.yml:
-
-        my_firewall:
-            pattern: ^/
-            anonymous: ~
-            trusted_sso:
-                manager: admin_sso
-
-                login_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:login
-                logout_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:logout
-                create_users: true
-                created_users_roles: [ROLE_USER ]
-                check_path: /
-
-
-Create all routes (mandatory even if there is no controller)
-------------------------------------------------------------
-
-In routing.yml :
-
-    login:
-        pattern: /login
-
-    logout:
-        pattern: /logout
-      
-
-Providers 
----------
-
-Example with Propel:
-
-    providers:
-        administrators:
-            propel: 
-              class: Altern\CdtBundle\Model\User
-              property: username 
-			  
-The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface
-
-
-If necessary, you can disable SSL Certificat Verification
----------------------------------------------------------
-
-Add in parameters.ini : 
-
-    	be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE
+Authentication through SSO CAS Server with Symfony2
+===================================================
+
+- use the Bundle : BeSimpleSsoAuthBundle (install with Composer)
+- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??)
+
+
+Configure SSO
+-------------
+
+In config.yml:
+
+        be_simple_sso_auth:
+            admin_sso:
+                protocol:
+                    id: cas
+                    version: 2
+                server:
+                    id: cas
+                    login_url: https://cas.server.tld/login
+                    logout_url: https://cas.server.tld/logout
+                    validation_url: https://cas.server.tld/serviceValidate
+
+
+
+Create a firewall
+-----------------
+
+In security.yml:
+
+        my_firewall:
+            pattern: ^/
+            anonymous: ~
+            trusted_sso:
+                manager: admin_sso
+
+                login_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:login
+                logout_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:logout
+                create_users: true
+                created_users_roles: [ROLE_USER ]
+                check_path: /
+
+
+Create all routes (mandatory even if there is no controller)
+------------------------------------------------------------
+
+In routing.yml :
+
+    login:
+        pattern: /login
+
+    logout:
+        pattern: /logout
+      
+
+Providers 
+---------
+
+Example with Propel:
+
+    providers:
+        administrators:
+            propel: 
+              class: Altern\CdtBundle\Model\User
+              property: username 
+			  
+The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface
+
+
+If necessary, you can disable SSL Certificate Verification
+---------------------------------------------------------
+
+Add in parameters.ini : 
+
+    	be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE
diff --git a/Security/Http/Authentication/SsoAuthenticationFailureHandler.php b/Security/Http/Authentication/SsoAuthenticationFailureHandler.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace BeSimple\SsoAuthBundle\Security\Http\Authentication;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
+
+class SsoAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
+{
+    private $templating;
+
+    /**
+     * @param $templating Templating service for rendering responses.
+     */
+    public function __construct($templating) {
+        $this->templating = $templating;
+    }
+
+    /**
+     * This is called when an interactive authentication attempt fails.
+     *
+     * @param Request $request
+     * @param AuthenticationException $exception
+     *
+     * @return Response
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    {
+        if ($request->isXmlHttpRequest()) {
+            $result = array('success' => false);
+            return new Response(json_encode($result));
+        } else {
+            // Handle non XmlHttp request.
+            $parameters = array(
+                'status_text' => $exception->getMessage(),
+                'status_code' => $exception->getCode(),
+            );
+
+            return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
+        }
+    }
+}