Closed nlegoff closed 11 years ago
I think the kernel.request event is fired, but the RouterListener
listens at a greater priority and throws before the firewall listener ever gets chance to do it's thing.
Indeed, you are right RouterListener listens at a priority of 32 and Firewall listener at a priority of 8.
This week I ran into an issue where, I needed to display user informations when an authenticated user hits /page-not-found.
The problem was that the token I get from the security service in the silex error handler callback was always null despite my /page-not-found being behind a security firewall rule.
To resume
After digging the code I found out that the security context was initialized when the kernel.request event is triggered see https://github.com/fabpot/Silex/blob/master/src/Silex/Provider/SecurityServiceProvider.php#L509
But when someone hits /page-not-found the 'kernel.exception' is triggered not ''kernel.request thus security context is never initialized.
As a workaround I have quickly added the onKernelRequest method from the Firewall object that initialize the context to be triggered on kernel.exception event ...
What do you guys think about this behavior of not being able to retrieve user credentials in error handler ? Does the security context should be initialized on kernel.exception ? If yes should it be by default on silex security provider ? Or on user demand only ?