Fix anonymous access by removing the AuthenticationCredentialsNotFoundException #159

Merged
merged 1 commit into from
Apr 11, 2016

@chalasr chalasr commented Apr 8, 2016

| Q | A |
| --- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Fixed tickets | no |
| Tests pass? | yes |

For now, we can't handle the case of no token found in request, so I revert a part of my previous #157.
The problem is that we can't know if the current request can be done anonymously.

@slashfan If you see any way to know whether the current request can be authenticated anonymously or not (retrieve firewall config?), I would be able to add a check and throw the exception only if the request cannot be authenticated anonymously.

@chalasr chalasr changed the title Fix anonymous access by removing the AuthenticationCredentialsNotFoundException no token found to Fix anonymous access by removing the AuthenticationCredentialsNotFoundException Apr 8, 2016
chalasr referenced this pull request Apr 8, 2016
Allow to set a custom response in case of authentication failure or invalid/not found token
@slashfan slashfan merged commit 3631b62 into lexik:master Apr 11, 2016
@slashfan
Contributor

This may be overkill, but why not dispatch a "jwt not found" event and let the flow of the request continue? It will only be dispatched on a JWT-protected firewall, so developers can listen to it only if they are interested.

@chalasr
Collaborator Author

chalasr commented Apr 11, 2016

@slashfan Separating invalid token and token not found into two events was my first thought, but it seemed overkill while I was able to dispatch the JWT_INVALID event for the two.
Now I think you are right, it would be appropriate to add a JWT_NOT_FOUND and dispatch it while letting the request continue (so keep the normal behavior and take control of the Response).

I'll be back with the changes quickly!

@chalasr chalasr deleted the bugfix_no_jwt_found branch June 7, 2016 20:09
@chalasr chalasr mentioned this pull request Jul 2, 2016
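
The distinction discussed in this thread, sketched as an added example (not the bundle's code, and not from either participant): a missing token makes the listener abstain so the firewall's anonymous rules apply, while a token that is presented but invalid is still rejected. Every name here (`extractToken`, `handleRequest`, the event strings) is hypothetical, and the decoder is a stub standing in for real JWT verification.

```php
<?php
// Added illustration: a dependency-free model of the behaviour discussed above.
// All function, class and event names are hypothetical, not the bundle's API.

final class InvalidTokenException extends RuntimeException {}

/** Extracts a bearer token from request headers; null means "no token sent". */
function extractToken(array $headers): ?string
{
    $value = $headers['Authorization'] ?? '';
    return preg_match('/^Bearer\s+(\S+)$/', $value, $m) === 1 ? $m[1] : null;
}

/**
 * Returns the authenticated user name, or null when the listener abstains.
 * $decode stands in for signature/expiry verification (claims array or null).
 */
function handleRequest(array $headers, callable $decode, callable $dispatch): ?string
{
    $token = extractToken($headers);
    if ($token === null) {
        // No token: notify listeners, then abstain so the firewall's own
        // anonymous / access-control configuration decides what happens next.
        $dispatch('jwt_not_found');
        return null;
    }
    $claims = $decode($token);
    if ($claims === null) {
        // A token was presented but failed verification: reject the request
        // rather than silently treating the caller as anonymous.
        $dispatch('jwt_invalid');
        throw new InvalidTokenException('Invalid JWT');
    }
    return $claims['username'];
}

// Constructed sample input: a stub decoder that accepts one fixed token value.
$decode = fn(string $t): ?array => $t === 'good' ? ['username' => 'alice'] : null;
$events = [];
$dispatch = function (string $name) use (&$events): void { $events[] = $name; };

var_dump(handleRequest([], $decode, $dispatch)); // no header: listener abstains
var_dump(handleRequest(['Authorization' => 'Bearer good'], $decode, $dispatch));
try {
    handleRequest(['Authorization' => 'Bearer forged'], $decode, $dispatch);
} catch (InvalidTokenException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
print_r($events); // events dispatched across the three requests
```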