In the example below, we call an endpoint and use an onKernelController event listener to log security, login, role and authentication information about the current user.


Security.yml


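security:
    # Each key inherits every role listed as its value.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        # ROLE_ALLOWED_TO_SWITCH is the role Symfony's switch_user (impersonation)
        # feature checks for, so every super admin can act as another user.
        # Grant it deliberately and keep impersonation visible in the audit log.
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]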

Listeners.yml


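services:
    application_backend.event_listener.kernel_controller:
        # NOTE(review): the listener class on this page is declared as
        # KernelSecurityControllerListener. This value, the class name and the
        # file name have to agree, otherwise class loading fails.
        class: Application\BackendBundle\EventListener\KernelControllerListener
        # Quoted because unquoted scalars starting with @ or % are deprecated in
        # later Symfony YAML versions; the quoted form works in both.
        arguments: ["@security.context", "%security.role_hierarchy.roles%", "@logger"]
        tags:
            # Runs onKernelController() on every kernel.controller event.
            - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }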

KernelControllerListener.php


namespace Application\BackendBundle\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\Security\Core\SecurityContextInterface;

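/**
 * Logs a snapshot of the current security token (roles, username,
 * authentication state) once per master request, on kernel.controller.
 *
 * The output is diagnostic only: nothing here grants or denies access.
 *
 * NOTE(review): the service definition on this page registers
 * Application\BackendBundle\EventListener\KernelControllerListener and the file
 * is labelled KernelControllerListener.php, while this class is named
 * KernelSecurityControllerListener. The three have to agree for class loading.
 */
class KernelSecurityControllerListener
{
    /** @var SecurityContextInterface Source of the current token and of isGranted() checks. */
    private $securityContext;

    /** @var array Role hierarchy map injected from %security.role_hierarchy.roles%. */
    private $roleHierarchyRoles;

    /** @var LoggerInterface Receives one JSON-encoded line per master request. */
    private $logger;

    /** @var array Fields collected for the current request's log entry. */
    private $log = [];

    /**
     * @param SecurityContextInterface $securityContextInterface Security context service.
     * @param array                    $roleHierarchyRoles       Configured role hierarchy.
     * @param LoggerInterface          $logger                   Destination for the log line.
     */
    public function __construct(
        SecurityContextInterface $securityContextInterface,
        $roleHierarchyRoles,
        LoggerInterface $logger
    ) {
        $this->securityContext = $securityContextInterface;
        $this->roleHierarchyRoles = $roleHierarchyRoles;
        $this->logger = $logger;
    }

    /**
     * Writes the security snapshot for the master request; sub-requests are skipped.
     *
     * @param FilterControllerEvent $event The kernel.controller event.
     */
    public function onKernelController(FilterControllerEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return;
        }

        $token = $this->securityContext->getToken();
        if (null === $token) {
            // No token means no firewall handled this request. Calling methods on
            // it would be a fatal error and isGranted() would throw, so record
            // the absence and stop.
            $this->log = ['Token' => null];
            $this->logger->info(json_encode($this->log));

            return;
        }

        // Role objects carry no public data when JSON-encoded; log their names.
        $roleNames = array_map(
            function ($role) {
                return $role->getRole();
            },
            $token->getRoles()
        );

        // Never write credential material to a log file: record only whether
        // the token still carries any.
        $credentials = $token->getCredentials();

        $this->log = [
            // Encodes to {} in the sample log on this page.
            'Token' => $token,
            'Attributes' => $token->getAttributes(),
            'Credentials' => empty($credentials) ? '' : '[REDACTED]',
            'Roles' => $roleNames,
            'Have Correct Role Assigned' => $this->hasConfiguredRole($roleNames) ? 'Yes' : 'No',
            'Username' => $token->getUsername(),
            // True for the anonymous token as well (see the sample log), so this
            // flag is not a "user is logged in" check. Use the two grants below.
            'Is User Authenticated' => $token->isAuthenticated(),
            'Is Logged in (Normal)' => $this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')
                ? 'Yes' : 'No',
            // IS_AUTHENTICATED_REMEMBERED is also granted to fully authenticated
            // users, so "Yes" here does not by itself mean a remember-me login.
            'Is Logged in (Remember Me)' => $this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')
                ? 'Yes' : 'No',
        ];

        $this->logger->info(json_encode($this->log));
    }

    /**
     * Tells whether at least one role name appears in the configured hierarchy,
     * either as a parent role (key) or as an inherited role (value).
     *
     * @param array $roleNames Role names held by the current token.
     *
     * @return bool
     */
    private function hasConfiguredRole(array $roleNames)
    {
        $hierarchy = (array) $this->roleHierarchyRoles;

        $configured = array_keys($hierarchy);
        foreach ($hierarchy as $inherited) {
            $configured = array_merge($configured, (array) $inherited);
        }

        return count(array_intersect($roleNames, $configured)) > 0;
    }
}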

Test


We're calling this end-point: http://football.local/app_dev.php/backend/user?page=1&limit=2


Content of dev.log file


[2015-07-05 12:27:14] app.INFO: {"Token":{},"Attributes":[],"Credentials":"","Roles":[],"Have Correct Role Assigned":"No","Username":"anon.","Is User Authenticated":true,"Is Logged in (Normal)":"No","Is Logged in (Remember Me)":"No"} [] []

Result


{
"Token": {

},
"Attributes": [

],
"Credentials": "",
"Roles": [

],
"Have Correct Role Assigned": "No",
"Username": "anon.",
"Is User Authenticated": true,
"Is Logged in (Normal)": "No",
"Is Logged in (Remember Me)": "No"
}