Closed tiraeth closed 10 years ago
The entry point is not required. In the documentation, the factory returns `NULL` as entry point id for the example of WSSE authentication provider. http://silex.sensiolabs.org/doc/providers/security.html#defining-a-custom-authentication-provider
When there is `NULL` provided, the response you get is `HTTP/1.1 302 Found` with redirect to `/login`. This is not the result you would expect using `X.509` authentication.
How to achieve such? Clone my repository, replace line 48 in `X509AuthenticationProvider.php` and set `null` instead of reference to the new entry point. When you run a test, you will get `302` instead of `403`.
I've tried implementing the response `403` without the entry point, without success.
When the entry point id is `NULL`, it is created with the form proto: https://github.com/fabpot/Silex/blob/master/src/Silex/Provider/SecurityServiceProvider.php#L233-L236
Closing as https://github.com/tiraeth/silex-x509 seems to fix this issue.
The documentation says that Silex comes with `x509` authentication provider but that's not true. One has to create a factory for such provider, listener and also entry point.
I have created a provider here (https://packagist.org/packages/mach/silex-x509) and wonder if this couldn't be included in Silex out of the box.
The code from the provider could be included in `SecurityServiceProvider` class. The additional class is `X509AuthenticationEntryPoint` which should be either available right from `symfony/security` component or should be included in Silex.
The reason is that without such EntryPoint, the default one is Form (which redirects to `/login`) and there is no relevant entry point in Security component that would let us just throw `HTTP/1.0 403 Forbidden`.
What do you think? I am OK with creating a PR for Silex (with X.509 factory) and for Security component with `Http403ForbiddenEntryPoint` (let's name it by its Spring equivalent). I am also OK with leaving x.509 as an external provider if you decide so.
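
A sketch of the entry point and factory discussed in this issue, added here as an illustration; it is not code from the issue, from Silex, or from mach/silex-x509. It assumes a Silex 1.x `$app` with `SecurityServiceProvider` already registered and Symfony 2.x Security classes; the class name `Http403ForbiddenEntryPoint` is taken from the proposal above, and the `.x509` service ids are hypothetical.

```php
<?php
// Added illustration: class body, factory name and service ids are assumptions.
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Http\Firewall\X509AuthenticationListener;

class Http403ForbiddenEntryPoint implements AuthenticationEntryPointInterface
{
    public function start(Request $request, AuthenticationException $authException = null)
    {
        // A client without a valid certificate cannot recover by visiting
        // /login, so answer 403 directly instead of redirecting.
        return new Response('Forbidden', 403);
    }
}

$app['security.authentication_listener.factory.x509'] = $app->protect(
    function ($name, $options) use ($app) {
        $provider   = 'security.authentication_provider.'.$name.'.x509';
        $listener   = 'security.authentication_listener.'.$name.'.x509';
        $entryPoint = 'security.entry_point.'.$name.'.x509';

        $app[$provider] = $app->share(function () use ($app, $name) {
            return new PreAuthenticatedAuthenticationProvider(
                $app['security.user_provider.'.$name],
                $app['security.user_checker'],
                $name
            );
        });
        $app[$listener] = $app->share(function () use ($app, $name) {
            // Reads SSL_CLIENT_S_DN_Email / SSL_CLIENT_S_DN set by the web server.
            return new X509AuthenticationListener(
                $app['security'],
                $app['security.authentication_manager'],
                $name
            );
        });
        $app[$entryPoint] = $app->share(function () {
            return new Http403ForbiddenEntryPoint();
        });

        // Third element is the entry point id; returning null here is what
        // makes Silex fall back to the form entry point and its 302 to /login.
        return array($provider, $listener, $entryPoint, 'pre_auth');
    }
);
```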