[security] /api behind a firewall trigger an AccessDeniedException that is then transformed into a InsufficientAuthenticationException #519
Comments
We probably need to add this exception there: https://github.com/api-platform/core/blob/master/src/Bridge/Symfony/Bundle/DependencyInjection/Configuration.php#L245-L248 Would you mind opening a pull request?
I'll look at this tomorrow to try the modification and test it
I also opened an issue on Symfony: there is a bug with the json_login security system that can impact api-platform: symfony/symfony#25806
@dunglas seeing as the PR didn't get anywhere and this doesn't seem to be getting anywhere on the Symfony issue, what is the proper course of action here to get it fixed mainline?
@asimonf IMO it should be fixed upstream in Symfony. I think that a PR would be very welcome.
Fixed in Symfony: symfony/symfony#28801.
I'm trying to secure the API and I configured the security.yaml like this:
And I configure my entities with that kind of annotations:
When I try to access `/api/authors?page=1`, I expect an HTTP 403 but I get an HTTP 500 sent from Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException. If I look at the stack I can see that the original exception is a Symfony\Component\Security\Core\Exception\AccessDeniedException thrown by api-platform\core\src\Security\EventListener\DenyAccessListener.php.
When I look at the Symfony Security Component documentation I see that I have to set up the status_code to get an HTTPException, or I'll get an AccessDeniedException.
So, is it possible to ask API-Platform to return a 403? And how can I do this?
My setup is always a Symfony 4, with Flex, recipes Annotations, and bundles Security, SensioExtraFramework, and component api-platform from master
Thanks for help