SecurityMiddleware

class OC\AppFramework\Middleware\Security\SecurityMiddleware
Used to do all the authentication and checking stuff for a controller method
It reads out the annotations of a controller method and checks which if
security things should be checked and also handles errors in case a security
check fails
Source:lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php#70
Parent:OCP\AppFramework\Middleware

Properties

Methods

public OC\AppFramework\Middleware\Security\SecurityMiddleware::__construct($request, $reflector, $navigationManager, $urlGenerator, $logger, $appName, $isLoggedIn, $isAdminUser, $isSubAdmin, $appManager, $l10n)
Source:lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php#94
public OC\AppFramework\Middleware\Security\SecurityMiddleware::beforeController($controller, $methodName)
This runs all the security checks before a method call. The
security checks are determined by inspecting the controller method
annotations
Source:

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php#129

Parameters:
Throws:

\OC\AppFramework\Middleware\Security\Exceptions\SecurityException when a security check fails

public OC\AppFramework\Middleware\Security\SecurityMiddleware::afterException($controller, $methodName, $exception)
If an SecurityException is being caught, ajax requests return a JSON error
response and non ajax requests redirect to the index
Source:

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php#212

Parameters:
  • $controller (OCP\AppFramework\Controller) the controller that is being called
  • $methodName (string) the name of the method that will be called on

the controller * $exception (Exception) the thrown exception

Throws:

\Exception the passed in exception if it can’t handle it

Returns:

\OCP\AppFramework\Http\Response a Response object or null in case that the exception could not be handled