Commit13f57a2

committed

[fixed] Fixed example code so that custom authentication providers only clear their own tokens

1 parent4eeec12 commit13f57a2Copy full SHA for 13f57a2

File tree

-1

lines changed

-1

lines changed

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,11 @@ set an authenticated token in the security context if successful.`
`144`	`144`	`// ... you might log something here`
`145`	`145`
`146`	`146`	`// To deny the authentication clear the token. This will redirect to the login page.`
`147`		`- // $this->securityContext->setToken(null);`
	`147`	`+ // Make sure to only clear your token, not those of other authentication listeners.`
	`148`	`+ // $token = $this->securityContext->getToken();`
	`149`	`+ // if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {`
	`150`	`+ // $this->securityContext->setToken(null);`
	`151`	`+ // }`
`148`	`152`	`// return;`
`149`	`153`
`150`	`154`	`// Deny authentication with a '403 Forbidden' HTTP response`

Comments

(0)