Permalink
Browse files

feature #3565 added information on AuthenticationFailureHandlerInterf…

…ace (samsamm777)

This PR was submitted for the master branch but it was merged into the 2.4 branch instead (closes #3565).

Discussion
----------

added information on AuthenticationFailureHandlerInterface

The Api Keys documentation made no mention of the AuthenticationFailureHandlerInterface which is required to correctly display Authentication Failure responses. Without it, authentication failures will result in a 500 response. I've made mention to the interface and given an example implementation.

http://symfony.com/doc/current/cookbook/security/api_key_authentication.html#cookbook-security-api-key-config

```
Doc fix? yes
New docs? no
Applies to: 2.4
Fixed tickets: none found
```

Commits
-------

066bccb fixed typo
db8e01a recommendations by xabbuh
3366dfc fixed authentication failed header
21e3536 fixed line wrapping
e4f5c6e added information on AuthenticationFailureHandlerInterface in api keys docs
  • Loading branch information...
weaverryan committed Mar 9, 2014
2 parents d6a17e7 + e915162 commit b02c16aa4304b582a9be8de180544b901f794cfc
Showing with 29 additions and 0 deletions.
  1. +1 −0 .gitignore
  2. +28 −0 cookbook/security/api_key_authentication.rst
View
@@ -0,0 +1 @@
.DS_Store
@@ -210,6 +210,34 @@ exception in ``refreshUser()``.
If you *do* want to store authentication data in the session so that
the key doesn't need to be sent on every request, see :ref:`cookbook-security-api-key-session`.
Handling Authentication Failure
-------------------------------
In order for your ``ApiKeyAuthentication`` to correctly display a 403
http status when either bad credentials or authentication fails you will
need to implement the :class:`Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface` on your
Authenticator. This will provide a method ``onAuthenticationFailure`` which
you can use to create an error ``Response``.
// src/Acme/HelloBundle/Security/ApiKeyAuthenticator.php
namespace Acme\HelloBundle\Security;
use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
//...
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
return new Response("Authentication Failed.", 403);
}
}
.. _cookbook-security-api-key-config:
Configuration

0 comments on commit b02c16a

Please sign in to comment.