Merge pull request #38 from ethanhann/feature-34-authentication_failure_listener

jfsimon · jfsimon · commit 4f4c054e1531 · 2013-06-29T12:54:06.000-07:00
Feature 34 authentication failure listener
diff --git a/Resources/config/security_listeners.xml b/Resources/config/security_listeners.xml
@@ -10,6 +10,8 @@
         <parameter key="security.authentication.listener.trusted_sso.class">BeSimple\SsoAuthBundle\Security\Http\Firewall\TrustedSsoAuthenticationListener</parameter>
         <parameter key="security.logout.handler.sso.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutHandler</parameter>
         <parameter key="security.logout.sso_success_handler.class">BeSimple\SsoAuthBundle\Security\Http\Logout\SsoLogoutSuccessHandler</parameter>
+        <parameter key="security.authentication.sso_authentication_failure_handler.class">BeSimple\SsoAuthBundle\Security\Http\Authentication\SsoAuthenticationFailureHandler</parameter>
+        <parameter key="security.authentication.hide_user_not_found">FALSE</parameter>
     </parameters>
 
     <services>
@@ -41,5 +43,9 @@
                 <argument type="service" id="be_simple.sso_auth.factory" />
             </call>
         </service>
+
+        <service id="security.authentication.sso.authentication_failure_handler" class="%security.authentication.sso_authentication_failure_handler.class%" abstract="false">
+            <argument type="service" id="templating" />
+        </service>
     </services>
 </container>
diff --git a/Resources/doc/example.md b/Resources/doc/example.md
@@ -1,75 +1,78 @@
-Authentication through SSO CAS Server with Symfony2
-===================================================
-
-- use the Bundle : BeSimpleSsoAuthBundle (instal with Composer)
-- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??)
-
-
-Configure SSO
--------------
-
-In config.yml:
-
-        be_simple_sso_auth:
-            admin_sso:
-                protocol:
-                    id: cas
-                    version: 2
-                server:
-                    id: cas
-                    login_url: https://cas.server.tld/login
-                    logout_url: https://cas.server.tld/logout
-                    validation_url: https://cas.server.tld/serviceValidate
-
-
-
-Create a firewall
------------------
-
-In security.yml:
-	
-        my_firewall:
-            pattern: ^/
-            anonymous: ~
-            trusted_sso:
-                manager: admin_sso
-
-                login_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:login
-                logout_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:logout
-                create_users: true
-                created_users_roles: [ROLE_USER ]
-                check_path: /
-
-
-Create all routes (mandatory even if there is no controller)
-------------------------------------------------------------
-
-In routing.yml :
-
-    login:
-        pattern: /login
-  
-    logout:
-        pattern: /logout
-      
-
-Providers 
----------
-
-Example with Propel:
-
-    providers:
-        administrators:
-            propel: 
-              class: Altern\CdtBundle\Model\User
-              property: username 
-			  
-The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface
-
-
-If necessary, you can disable SSL Certificat Verification
----------------------------------------------------------
-
-Add in parameters.ini : 
-
-    	be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE
+Authentication through SSO CAS Server with Symfony2
+===================================================
+
+- use the Bundle : BeSimpleSsoAuthBundle (install with Composer)
+- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??)
+
+
+Configure SSO
+-------------
+
+In config.yml:
+
+        be_simple_sso_auth:
+            admin_sso:
+                protocol:
+                    id: cas
+                    version: 2
+                server:
+                    id: cas
+                    login_url: https://cas.server.tld/login
+                    logout_url: https://cas.server.tld/logout
+                    validation_url: https://cas.server.tld/serviceValidate
+
+
+
+Create a firewall
+-----------------
+
+    # app/config/security.yml
+    my_firewall:
+        pattern: ^/
+        anonymous: ~
+        trusted_sso:
+            manager: admin_sso
+            login_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:login
+            logout_action: false 		# BeSimpleSsoAuthBundle:TrustedSso:logout
+            create_users: true
+            created_users_roles: [ROLE_USER ]
+            check_path: /
+
+
+Create all routes (mandatory even if there is no controller)
+------------------------------------------------------------
+
+    # app/config/routing.yml
+    login:
+        pattern: /login
+    logout:
+        pattern: /logout
+      
+
+Providers 
+---------
+
+Example with Propel:
+
+    providers:
+        administrators:
+            propel:
+                class: Altern\CdtBundle\Model\User
+                property: username
+
+The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface
+
+Customize the "Username does not exist" error page
+--------------------------------------------------
+
+When a user successfully authenticates, but is not in the user provider's data store (or a user provider is not configured at all),
+then a generic error page is shown indicating that the user was not found. You can customize this error page by overriding the Twig error template,
+as described here: http://symfony.com/doc/current/cookbook/controller/error_pages.html
+
+If necessary, you can disable SSL Certificate Verification
+----------------------------------------------------------
+
+This is handy when using a development server that does not have a valid certificate, but it should not be done in production.
+
+    # app/config/parameters.yml
+    be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE
diff --git a/Security/Http/Authentication/SsoAuthenticationFailureHandler.php b/Security/Http/Authentication/SsoAuthenticationFailureHandler.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace BeSimple\SsoAuthBundle\Security\Http\Authentication;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
+
+class SsoAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
+{
+    private $templating;
+
+    /**
+     * @param $templating Templating service for rendering responses.
+     */
+    public function __construct($templating)
+    {
+        $this->templating = $templating;
+    }
+
+    /**
+     * This is called when an interactive authentication attempt fails.
+     *
+     * @param Request $request
+     * @param AuthenticationException $exception
+     *
+     * @return Response
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    {
+        if ($request->isXmlHttpRequest()) {
+            $result = array('success' => false);
+            return new Response(json_encode($result));
+        } else {
+            // Handle non XmlHttp request.
+            $parameters = array(
+                'status_text' => $exception->getMessage(),
+                'status_code' => $exception->getCode(),
+            );
+
+            return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
+        }
+    }
+}
