
Revision b964e06b

ID b964e06bb30ce6eb6e2efcae8723d6b762876139
Parent 03189423

Added by Bastian Waidelich about 8 years ago

[BUGFIX] Authentication does not work any longer without redirects

This fixes a regression that made the authenticated roles only available
in the security context after a redirect following authentication.

Background:

This is a regression introduced with the 1st level cache added in
Id256b168ff9c6aa4cac8da8957ada237f9236c71 but the actual problem is
that the PersistenceQueryRewritingAspect initializes the security
context if it was not initialized before (since change
I44838de1503cbe49cf3fee51921b731bfaa0cfc5) when intercepting QOM
queries setting the context roles to "Anonymous" and "Everybody".

This change adds a new method Context::withoutAuthorizationChecks()
that allows you to temporarily disable authorization related interceptors
e.g. PolicyEnforcement and PersistenceQueryRewriting aspects in order
to be able to circumvent authorization in low level operations (for
example to fetch the current account in an AuthenticationProvider).

Usage::

    $this->securityContext->withoutAuthorizationChecks(
        // the variables the closure needs are bound with use()
        function () use ($accountRepository, $username, $providerName, &$account) {
            // this will disable the PersistenceQueryRewritingAspect for this one call
            $account = $accountRepository
                ->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
        }
    );

Change-Id: Ib31cd6bcf10504670439d4c700dda0b14e512d80
Related: #46352
Fixes: #46636
Releases: master, 2.0
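
A minimal sketch of the regression and the fix described in the commit message, added here as an illustration and not taken from the Flow code base. `SketchContext`, `findAccount()`, `authenticate()` and the sample role and user names are hypothetical stand-ins; only the method name `withoutAuthorizationChecks()` comes from the message.

```php
<?php
// Simplified stand-ins for illustration only; just the method name
// withoutAuthorizationChecks() comes from the commit message.
final class SketchContext
{
    public bool $checksDisabled = false; // read by the interceptor stand-in
    private ?array $roles = null;        // cached on first access
    public ?string $accountRole = null;  // set once authentication succeeded

    public function getRoles(): array
    {
        // The first access fixes the roles for the rest of the request.
        return $this->roles ??= $this->accountRole === null
            ? ['Everybody', 'Anonymous']
            : ['Everybody', $this->accountRole];
    }

    public function withoutAuthorizationChecks(\Closure $callback): void
    {
        $previous = $this->checksDisabled; // keeps nested calls correct
        $this->checksDisabled = true;
        try {
            $callback();
        } finally {
            $this->checksDisabled = $previous; // restored even on exceptions
        }
    }
}

// Stand-in for a query-rewriting interceptor wrapped around a repository call.
function findAccount(SketchContext $context, string $username): string
{
    if (!$context->checksDisabled) {
        $context->getRoles(); // side effect: initializes and caches the roles
    }
    return 'Customer'; // constructed result: the role of the account found
}

function authenticate(SketchContext $context, bool $bypass): array
{
    $role = null;
    $lookup = function () use ($context, &$role) { $role = findAccount($context, 'jdoe'); };
    $bypass ? $context->withoutAuthorizationChecks($lookup) : $lookup();
    $context->accountRole = $role;
    return $context->getRoles();
}

echo implode(', ', authenticate(new SketchContext(), false)), "\n"; // lookup intercepted
echo implode(', ', authenticate(new SketchContext(), true)), "\n";  // lookup bypasses the interceptor
```

Without the bypass, the account lookup itself caches the anonymous roles, so the later login is not reflected in the same request. With it, the roles are first computed after the account is known.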
