From 4fede4a0b8316bc3526a0ef1552c7b3d6c2908cc Mon Sep 17 00:00:00 2001
From: Fred Cox
Date: Tue, 8 Aug 2017 16:18:08 +0300
Subject: [PATCH] Symfony Firewall listeners can include a ROLE on the tokens

This allows access_control to be enabled on the token url and other parts of the app to known how this user is authenticated
---
 .../Security/Http/Firewall/ResourceListener.php | 13 +++++++++++--
 .../Security/Http/Firewall/TokenListener.php | 9 +++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/Symfony/Component/Security/Http/Firewall/ResourceListener.php b/src/Symfony/Component/Security/Http/Firewall/ResourceListener.php
index eed56d85..09f6eccd 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ResourceListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ResourceListener.php
@@ -36,6 +36,7 @@ class ResourceListener implements ListenerInterface
 protected $validator;
 protected $logger;
 protected $tokenTypeHandlerFactory;
+ protected $accessTokenRoles;

 public function __construct(
 $providerKey,
@@ -43,7 +44,8 @@ public function __construct(
 AuthenticationManagerInterface $authenticationManager,
 ValidatorInterface $validator,
 LoggerInterface $logger,
- TokenTypeHandlerFactoryInterface $tokenTypeHandlerFactory
+ TokenTypeHandlerFactoryInterface $tokenTypeHandlerFactory,
+ array $accessTokenRoles = []
 ) {
 $this->providerKey = $providerKey;
 $this->tokenStorage = $tokenStorage;
@@ -51,6 +53,7 @@ public function __construct(
 $this->validator = $validator;
 $this->logger = $logger;
 $this->tokenTypeHandlerFactory = $tokenTypeHandlerFactory;
+ $this->accessTokenRoles = $accessTokenRoles;
 }

 public function handle(GetResponseEvent $event)
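Review bot: The new `array $accessTokenRoles = []` constructor argument in the second hunk is handed to every token this listener builds, yet neither it nor the `$accessTokenRoles` property in the first hunk is documented, and the third hunk stores its elements unchecked. Assuming roles are passed as strings, a docblock such as `@param string[] $accessTokenRoles Roles given to every access token built by this listener` would record the contract. Rejecting non-string entries in the constructor would make a bad firewall configuration fail when the listener is constructed rather than inside handle(). TokenListener's `$clientTokenRoles` argument and property further down have the same gap. The class and constructor are only partly visible in these hunks.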
@@ -100,7 +103,13 @@ public function handle(GetResponseEvent $event)

 $token = new AccessToken(
 $this->providerKey,
- $accessToken
+ $accessToken,
+ '',
+ '',
+ '',
+ '',
+ [],
+ $this->accessTokenRoles
 );
 $tokenAuthenticated = $this->authenticationManager->authenticate($token);
 $this->tokenStorage->setToken($tokenAuthenticated);
diff --git a/src/Symfony/Component/Security/Http/Firewall/TokenListener.php b/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
index 25409fa9..21d6a6df 100644
--- a/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/TokenListener.php
@@ -33,19 +33,22 @@ class TokenListener implements ListenerInterface
 protected $authenticationManager;
 protected $validator;
 protected $logger;
+ protected $clientTokenRoles;

 public function __construct(
 $providerKey,
 TokenStorageInterface $tokenStorage,
 AuthenticationManagerInterface $authenticationManager,
 ValidatorInterface $validator,
- LoggerInterface $logger
+ LoggerInterface $logger,
+ array $clientTokenRoles = []
 ) {
 $this->providerKey = $providerKey;
 $this->tokenStorage = $tokenStorage;
 $this->authenticationManager = $authenticationManager;
 $this->validator = $validator;
 $this->logger = $logger;
+ $this->clientTokenRoles = $clientTokenRoles;
 }

 public function handle(GetResponseEvent $event)
@@ -110,7 +113,9 @@ public function handle(GetResponseEvent $event)
 $token = new ClientCredentialsToken(
 $this->providerKey,
 $clientId,
 - $clientSecret
+ $clientSecret,
+ '',
+ $this->clientTokenRoles
 );
 $tokenAuthenticated = $this->authenticationManager->authenticate($token);
 $this->tokenStorage->setToken($tokenAuthenticated);
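Review bot: The configured roles are attached to the `AccessToken` before `authenticate()` has run, so their effect depends on token and provider code this patch does not show. If `AccessToken` follows the common Symfony convention of treating a token built with a non-empty role list as already authenticated, the request token would be marked authenticated before the bearer value is checked. If the provider instead builds its result from its own data, the roles are dropped and the `access_control` rule from the description would never match. It would be safer to keep the incoming token role-free and add the roles to the token returned by the authentication manager, or at least to put `// roles take effect only once the provider has validated the token` above the constructor call, where naming the four `''` placeholders would also help. The same applies to the `ClientCredentialsToken` built in TokenListener::handle() in the last hunk; both handle() bodies start and end outside the hunks.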