What should authenticateToken() return or throw? Symfony 2.4

1
votes

I'm just creating a new Symfony2 project based on version 2.4.

Working with http://symfony.com/blog/new-in-symfony-2-4-customize-the-security-features-with-ease I created a UserProvider and Authenticator.

According to provided examples authenticateToken() should return proper token or throw new AuthenticationException('message'). In first case when User can be authenticated - everything works fine but when an Exception is thrown - server is not giving 401 or 403 with just regular auth error but is giving 500 with A Token was not found in the SecurityContext! I think it is a new implementation bug, am I right?

1
phpsymfonyauthentication

1 Answers

0
votes

OK, documentation is quite blind for some cases. It is all about entry_point or setting FailureListener.

What you need to remember:

  1. Must define access_control in your security.yml
  2. Must provide service implementing AuthenticationEntryPointInterface as a entry_point /or/
  3. Must implement AuthenticationFailureHandlerInterface in your Authenticator in order to response your own Exceptions.

In my case - solution #3 was proper one.