Closed cma closed 11 years ago
Yes, this is an issue but one that is not easy to fix. The before event is called too late. It should be called as early as possible, but right now, it is called almost as late as possible (if we only look at the built-in events). Moving the event earlier breaks some expectation. So, we need to investigate further what is the right way to fix this and what are the BC break consequences.
For future reference, here is the default built-in listener priorities: http://symfony.com/doc/master/reference/dic_tags.html#core-event-listener-reference
Thanks for the quick response and the link. I'll dig into that.
I'm new to both Silex and Symfony (around 2 months). So my original understanding was that the security firewall sits in front of application (http://symfony.com/doc/2.0/_images/security_ryan_no_role_admin_access.png). As a result, I assume that before hander, controller, and after handler are the 'application' part. So none of the handlers should be called if security check fails.
However, you expect both before handler and after handler should be called in this case, e.g., for every request.
To me, both interpretations make sense. As long as they are consistent, it'll be better.
Code and docs have been updated to be more consistent and flexible (PR #525).
When a security check fails (user enters wrong password, e.g.), no before handlers are called. However, after handlers are always called in this case. Isn't this inconsistent?
A simple example is below: