1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Acl\Domain;
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\NullToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
/**
* Strategy for retrieving security identities.
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface
{
private $roleHierarchy;
private $authenticationTrustResolver;
/**
* Constructor.
*/
public function __construct(RoleHierarchyInterface $roleHierarchy, AuthenticationTrustResolverInterface $authenticationTrustResolver)
{
$this->roleHierarchy = $roleHierarchy;
$this->authenticationTrustResolver = $authenticationTrustResolver;
}
/**
* {@inheritdoc}
*
* @return RoleSecurityIdentity[]
*/
public function getSecurityIdentities(TokenInterface $token)
{
$sids = [];
// add user security identity
if (!$token instanceof AnonymousToken && !$token instanceof NullToken) {
try {
$sids[] = UserSecurityIdentity::fromToken($token);
} catch (\InvalidArgumentException $e) {
// ignore, user has no user security identity
}
}
// add all reachable roles
foreach ($this->roleHierarchy->getReachableRoleNames($token->getRoleNames()) as $role) {
$sids[] = new RoleSecurityIdentity($role);
}
// add built-in special roles
if ($this->authenticationTrustResolver->isFullFledged($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$this->addAnonymousRoles($sids);
} elseif ($this->authenticationTrustResolver->isRememberMe($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$this->addAnonymousRoles($sids);
} elseif ($this->isNotAuthenticated($token)) {
$this->addAnonymousRoles($sids);
}
return $sids;
}
private function isNotAuthenticated(TokenInterface $token): bool
{
if (method_exists($this->authenticationTrustResolver, 'isAuthenticated')) {
return !$this->authenticationTrustResolver->isAuthenticated($token);
}
return $this->authenticationTrustResolver->isAnonymous($token);
}
private function addAnonymousRoles(array &$sids)
{
$sids[] = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
if (\defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS')) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::PUBLIC_ACCESS);
}
}
}
|
