ephrin · December 17, 2015 07:33
diff --git a/security.yml b/security.yml
 security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
            
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                success_handler: acme.demo.xhr_authentication_success_handler
                failure_handler: acme.demo.xhr_authentication_failure_handler
            logout:       true
            anonymous:    ~

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

    role_hierarchy:
        ROLE_SUPER_ADMIN: ROLE_USER
diff --git a/services.xml b/services.xml
 <?xml version="1.0" ?>

 <container xmlns="http://symfony.com/schema/dic/services"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

    <parameters>
        <parameter key="acme.demo.xhr_core_exception_listener.class">Acme\DemoBundle\Listener\XHRCoreExceptionListener</parameter>
        <parameter key="acme.demo.xhr_authentication_success_handler.class">Acme\DemoBundle\Handler\XHRAuthenticationSuccessHandler</parameter>
        <parameter key="acme.demo.xhr_authentication_failure_handler.class">Acme\DemoBundle\Handler\XHRAuthenticationFailureHandler</parameter>
    </parameters>

    <services>
        <service id="acme.demo.xhr_core_exception_listener" class="%acme.demo.xhr_core_exception_listener.class%">
            <tag name="kernel.event_listener" event="kernel.exception" method="onCoreException" priority="1000" />
        </service>

        <service id="acme.demo.xhr_authentication_success_handler" class="%acme.demo.xhr_authentication_success_handler.class%">
            <argument type="service" id="security.http_utils" />
            <argument type="collection" /> <!-- Options -->
        </service>

        <service id="acme.demo.xhr_authentication_failure_handler" class="%acme.demo.xhr_authentication_failure_handler.class%">
            <argument type="service" id="http_kernel" />
            <argument type="service" id="security.http_utils" />
            <argument type="collection" /> <!-- Options -->
            <argument type="service" id="logger" on-invalid="null" />
        </service>
    </services>

 </container>
diff --git a/XHRAuthenticationFailureHandler.php b/XHRAuthenticationFailureHandler.php
 <?php

 namespace Acme\DemoBundle\Handler;

 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\JsonResponse;

 class XHRAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
 {
    /**
     * @param Request $request
     * @param AuthenticationException $exception
     *
     * @return Response
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ($request->isXmlHttpRequest()) {
            $content = array(
                'success' => false,
                'message' => $exception->getMessage()
            );
            return new JsonResponse($content, 400);
        }

        return parent::onAuthenticationFailure($request, $exception);
    }
 }
diff --git a/XHRAuthenticationSuccessHandler.php b/XHRAuthenticationSuccessHandler.php
 <?php

 namespace Acme\DemoBundle\Handler;

 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\JsonResponse;

 class XHRAuthenticationSuccessHandler extends DefaultAuthenticationSuccessHandler
 {
    /**
     * @param Request $request
     * @param TokenInterface $token
     *
     * @return Response
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        if ($request->isXmlHttpRequest()) {
            $content = array(
                'success' => true
            );
            return new JsonResponse($content, 200);
        }

        return parent::onAuthenticationSuccess($request, $token);
    }
 }
diff --git a/XHRCoreExceptionListener.php b/XHRCoreExceptionListener.php
 <?php

 namespace Acme\DemoBundle\Listener;

 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpFoundation\Response;

 class XHRCoreExceptionListener
 {
    /**
     * Handles security related exceptions.
     *
     * @param GetResponseForExceptionEvent $event
     */
    public function onCoreException(GetResponseForExceptionEvent $event)
    {
        $exception = $event->getException();
        $request = $event->getRequest();

        if (! $request->isXmlHttpRequest()) {
            return;
        }

        // Assume a server error if no explicit code is given
        $statusCode = $exception->getCode();
        if (!array_key_exists($statusCode, Response::$statusTexts)) {
            $statusCode = 500;
        }

        $content = array('success' => false, 'message' => $exception->getMessage());
        $response = new JsonResponse($content, $statusCode);

        $event->setResponse($response);
    }
 }
	security:
	providers:
	fos_userbundle:
	id: fos_user.user_provider.username

	encoders:
	FOS\UserBundle\Model\UserInterface: sha512

	firewalls:
	dev:
	pattern: ^/(_(profiler\|wdt)\|css\|images\|js)/
	security: false

	main:
	pattern: ^/
	form_login:
	provider: fos_userbundle
	csrf_provider: form.csrf_provider
	success_handler: acme.demo.xhr_authentication_success_handler
	failure_handler: acme.demo.xhr_authentication_failure_handler
	logout: true
	anonymous: ~

	access_control:
	- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
	- { path: ^/, role: ROLE_USER }

	role_hierarchy:
	ROLE_SUPER_ADMIN: ROLE_USER
	<?xml version="1.0" ?>

	<container xmlns="http://symfony.com/schema/dic/services"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

	<parameters>
	<parameter key="acme.demo.xhr_core_exception_listener.class">Acme\DemoBundle\Listener\XHRCoreExceptionListener</parameter>
	<parameter key="acme.demo.xhr_authentication_success_handler.class">Acme\DemoBundle\Handler\XHRAuthenticationSuccessHandler</parameter>
	<parameter key="acme.demo.xhr_authentication_failure_handler.class">Acme\DemoBundle\Handler\XHRAuthenticationFailureHandler</parameter>
	</parameters>

	<services>
	<service id="acme.demo.xhr_core_exception_listener" class="%acme.demo.xhr_core_exception_listener.class%">
	<tag name="kernel.event_listener" event="kernel.exception" method="onCoreException" priority="1000" />
	</service>

	<service id="acme.demo.xhr_authentication_success_handler" class="%acme.demo.xhr_authentication_success_handler.class%">
	<argument type="service" id="security.http_utils" />
	<argument type="collection" /> <!-- Options -->
	</service>

	<service id="acme.demo.xhr_authentication_failure_handler" class="%acme.demo.xhr_authentication_failure_handler.class%">
	<argument type="service" id="http_kernel" />
	<argument type="service" id="security.http_utils" />
	<argument type="collection" /> <!-- Options -->
	<argument type="service" id="logger" on-invalid="null" />
	</service>
	</services>

	</container>
	<?php

	namespace Acme\DemoBundle\Handler;

	use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
	use Symfony\Component\Security\Core\Exception\AuthenticationException;
	use Symfony\Component\HttpFoundation\Request;
	use Symfony\Component\HttpFoundation\JsonResponse;

	class XHRAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
	{
	/**
	* @param Request $request
	* @param AuthenticationException $exception
	*
	* @return Response
	*/
	public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
	{
	if ($request->isXmlHttpRequest()) {
	$content = array(
	'success' => false,
	'message' => $exception->getMessage()
	);
	return new JsonResponse($content, 400);
	}

	return parent::onAuthenticationFailure($request, $exception);
	}
	}
	<?php

	namespace Acme\DemoBundle\Listener;

	use Symfony\Component\HttpFoundation\JsonResponse;
	use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
	use Symfony\Component\HttpFoundation\Response;

	class XHRCoreExceptionListener
	{
	/**
	* Handles security related exceptions.
	*
	* @param GetResponseForExceptionEvent $event
	*/
	public function onCoreException(GetResponseForExceptionEvent $event)
	{
	$exception = $event->getException();
	$request = $event->getRequest();

	if (! $request->isXmlHttpRequest()) {
	return;
	}

	// Assume a server error if no explicit code is given
	$statusCode = $exception->getCode();
	if (!array_key_exists($statusCode, Response::$statusTexts)) {
	$statusCode = 500;
	}

	$content = array('success' => false, 'message' => $exception->getMessage());
	$response = new JsonResponse($content, $statusCode);

	$event->setResponse($response);
	}
	}