@xanf
Created June 8, 2011 19:20
AJAX auth errors listener for Symfony2
<?php

namespace Application\ProdrepHelperBundle\Component\Event;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;

/**
 * Answers security exceptions raised during AJAX requests with an empty 403 response.
 */
class AjaxAuthenticationListener
{
    /**
     * Handles security related exceptions.
     *
     * @param GetResponseForExceptionEvent $event A GetResponseForExceptionEvent instance
     */
    public function onCoreException(GetResponseForExceptionEvent $event)
    {
        $exception = $event->getException();
        $request = $event->getRequest();

        // Only XMLHttpRequest calls are handled here; other requests are left untouched.
        if ($request->isXmlHttpRequest()) {
            if ($exception instanceof AuthenticationException || $exception instanceof AccessDeniedException) {
                $event->setResponse(new Response('', 403));
            }
        }
    }
}

// Client side: reload the page whenever an AJAX request comes back with 403.
$(document).ready(function() {
    $(document).ajaxError(function (event, jqXHR) {
        if (403 === jqXHR.status) {
            window.location.reload();
        }
    });
});

@semateos

Can you describe how you hook this event listener into symfony? I'm assuming it's in the service configuration - but I'm not clear on the details.

@semateos

semateos commented May 1, 2012

# config.yml
services:
    ajax.listener:
        class: Application\ProdrepHelperBundle\Component\Event\AjaxAuthenticationListener
        tags:
          - { name: kernel.event_listener, event: kernel.exception, method: onCoreException, priority: 1000 }

@klaascuvelier

Very useful gist. Thank you very much.

@natestone

Agreed. Very helpful gist. Thank you.

@natorojr

This information was extremely helpful. Thanks!

@sergio-toro

Thank you! Really helpful gist.

@stollr

stollr commented Jun 17, 2014

And if you want to register an error handler for AngularJS you can achieve this with this module

angular
    .module('nait.http_authentication', [])
    .config(function ($httpProvider, $provide) {
        $provide.factory('naitHttpAuthenticationInterceptor', function($q) {
            return {
               'responseError': function(rejection) {
                    if (403 === rejection.status) {
                        window.location.reload();
                    }
                    return $q.reject(rejection);
                }
            };
        });

        $httpProvider.interceptors.push('naitHttpAuthenticationInterceptor');
    })
;

Include this angular module and the event handler just by dependency injection in your AngularJS app.

angular.module('myApp', ['nait.http_authentication']);

@RowanReid

This is a really helpful Gist! One question though - would it not be pertinent to implement a distinction between the user not being logged in VS being logged in and not having permission to access the URL requested?

Currently, if the user performs an Ajax request to a URL for which they are not authorised then they would experience a page reload which would not be ideal.

@paali

paali commented Dec 11, 2015

Thank you! If anyone would just have an easy solution for global error handling (of just authentication/authorization errors) for superagent...

@anujeetphj

anujeetphj commented Aug 12, 2016

I am implementing the same solution, I am using jquery Datatables in my application. When I return 403 error, before logging out, it gives a jquery error in alert, and when user clicks OK, session logs out.

Is there a way to do it without that alert coming??

@ohartl

ohartl commented Apr 17, 2019

Note that it should return HTTP code 401 instead, to conform with the HTTP standard.
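
The distinction raised in the comments above (not logged in versus logged in without permission, and 401 versus 403), as an added client-side example that is not part of the gist or of any comment. It assumes the server sends 401 when there is no valid session and 403 when a logged-in user lacks permission; `createAuthErrorHandler`, `notify` and the `authReloadAt` storage key are hypothetical names.

```javascript
// Added example, not the gist author's code.
// Assumption: 401 = no valid session, 403 = logged in but not authorised.
function createAuthErrorHandler(deps) {
  var reload = deps.reload;      // e.g. function () { window.location.reload(); }
  var notify = deps.notify;      // hypothetical UI callback for messages
  var storage = deps.storage;    // e.g. window.sessionStorage
  var now = deps.now || Date.now;
  var minInterval = deps.minReloadIntervalMs || 10000;
  var KEY = 'authReloadAt';      // constructed storage key

  return function onAjaxError(event, jqXHR) {
    if (jqXHR.status === 403) {
      // Authenticated but not authorised: a reload would not change the outcome.
      notify('You do not have permission to perform this action.');
      return 'denied';
    }
    if (jqXHR.status !== 401) {
      return 'ignored';
    }
    // Not authenticated: reload so the full-page request goes through the
    // normal login flow, but never twice within minInterval. Without this
    // guard, a page that fires a failing request on load reloads forever.
    var last = Number(storage.getItem(KEY)) || 0;
    if (now() - last < minInterval) {
      notify('Your session has expired. Please log in again.');
      return 'suppressed';
    }
    storage.setItem(KEY, String(now()));
    reload();
    return 'reloaded';
  };
}

// Browser wiring; skipped when no page with jQuery is present.
if (typeof window !== 'undefined' && typeof window.jQuery === 'function') {
  window.jQuery(document).ajaxError(createAuthErrorHandler({
    reload: function () { window.location.reload(); },
    notify: function (msg) { window.alert(msg); },
    storage: window.sessionStorage
  }));
}
```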
