Merge pull request #159 from chalasr/bugfix_no_jwt_found

Fix anonymous access by removing the AuthenticationCredentialsNotFoundException

Resources/doc/2-data-customization.md

@@ -232,7 +232,7 @@ public function onAuthenticationFailureResponse(AuthenticationFailureEvent $even
 
 #### Events::JWT_INVALID - customize the invalid token response
 
-By default, if the token is invalid or not set, the response is just a json containing the corresponding error message and a 401 status code, but you can set a custom response.
+By default, if the token is invalid, the response is just a json containing the corresponding error message and a 401 status code, but you can set a custom response.
 
 ``` yaml
 # services.yml

Security/Firewall/JWTListener.php

@@ -12,7 +12,6 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Http\Firewall\ListenerInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -74,9 +73,11 @@ public function handle(GetResponseEvent $event)
     {
         $request = $event->getRequest();
 
-        try {
+        if (!$requestToken = $this->getRequestToken($request)) {
+            return;
+        }
 
-            $requestToken = $this->getRequestToken($request);
+        try {
 
             $token = new JWTUserToken();
             $token->setRawToken($requestToken);
@@ -137,6 +138,6 @@ protected function getRequestToken(Request $request)
             }
         }
 
-        throw new AuthenticationCredentialsNotFoundException('No JWT token found');
+        return false;
     }
 }