Reputation: 67
I could not find anything on this in particular.
I need a simple check when a user logs in at the frontend: whether this user has, for example, the role ROLE_CUSTOMER.
I need this to be done in the authentication process, because it must return an error if the user doesn't have this role.
Security.yml
    public:
        pattern: ^/
        context: site
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            check_path: site_login_check
            login_path: site_login
            success_handler: authentication_handler
            failure_handler: authentication_handler
        logout:
            path: site_logout
            target: site_login
        anonymous: true
Upvotes: 2
Views: 7400
Reputation: 1503
I think in this case you will have to write your own user provider, because FOSUserBundle assumes the default role is ROLE_USER, and if the user doesn't have any, it will automatically associate it with the user, and after the user is enabled FOS considers the user a valid login. Or you need to specify your own login_check.
There is another way: basically you make the assumption that FOSUser does the login and authentication, and then you can create a service, call it successLoginHandler, and after the user is "logged in" by FOS, you can do your own stuff there and check for this role. If it doesn't exist, you send back an access denied exception.
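    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

    class SuccessLoginHandler implements AuthenticationSuccessHandlerInterface
    {
        private $securityContext;
        public function __construct($securityContext)
        {
            $this->securityContext = $securityContext;
        }

        public function onAuthenticationSuccess(Request $request, TokenInterface $token)
        {
            if (!$this->securityContext->isGranted('ROLE_CUSTOMER')) {
                throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
            }
            // The interface requires a Response to be returned here for an accepted login.
        }
    }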
Upvotes: 7
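The "write your own user provider" route from the answer above, as an added example that is not part of the original answer or of FOSUserBundle: a provider that wraps the existing one and refuses users without the required role, so the rejection happens before any authenticated token exists and is reported through the firewall's normal failure_handler. The class name `CustomerOnlyUserProvider` is hypothetical, and it is assumed that this class is registered as a service and set as the firewall's `provider` in place of `fos_userbundle`, with the FOSUserBundle provider injected as `$inner`.

```php
<?php
// Added example; CustomerOnlyUserProvider is a hypothetical name, not FOSUserBundle code.

use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class CustomerOnlyUserProvider implements UserProviderInterface
{
    private $inner;        // the wrapped provider (assumed: the FOSUserBundle one)
    private $requiredRole;

    public function __construct(UserProviderInterface $inner, $requiredRole = 'ROLE_CUSTOMER')
    {
        $this->inner = $inner;
        $this->requiredRole = $requiredRole;
    }

    public function loadUserByUsername($username)
    {
        return $this->requireRole($this->inner->loadUserByUsername($username));
    }

    public function refreshUser(UserInterface $user)
    {
        // Re-checked when the user is reloaded from the session, so a user
        // who loses the role is no longer accepted on later requests.
        return $this->requireRole($this->inner->refreshUser($user));
    }

    public function supportsClass($class)
    {
        return $this->inner->supportsClass($class);
    }

    private function requireRole(UserInterface $user)
    {
        // Assumes getRoles() returns role names as strings (as FOSUserBundle
        // users do); roles implied only by role_hierarchy are not expanded.
        if (!in_array($this->requiredRole, $user->getRoles(), true)) {
            // Same exception as for an unknown user, so the login form does
            // not reveal that the account exists but lacks the role.
            throw new UsernameNotFoundException('User not found.');
        }
        return $user;
    }
}
```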