Outline of how it’s involved in Symfony2:
- AppKernel -> handle is called ( look app.php )
- FrameworkBundle :: HttpKernel’s -> handle is called
- Component :: HttpKernel’s handle is called. Which then calls handleRaw
- The HttpKernel dispatches an kernel.request event.
- The event is captured by a Firewall previously set as a listener by the SecurityBundle’s security.xml
- The onKernelRequest method of this Firewall is called.
- The firewall loops trough all the AuthenticationListeners which where set here ( lines 213 to 225 ) as part of the Firewall and call it’s handle method.
- If a security violation is detected ( the authentication listeners will throw this exceptions ), a kernel.exception is detected by an ExceptionListener previosuly set in security_listeners.xml and registered in the Firewall at the time of the Request.
So that’s an overview of how the SecurityBundle intercepts Requests and based on the reaction of the AuthenticationListeners will do nothing or throw an exception informing about the security violation.
Step 4 is where the magic happens, as you can see, the Request is intercepted before reaching the actual controller. As described here:
(The numbers in the image are NOT related with the numbers in this article, they are part of the image form the Symfony book)