$request =
$event->
getRequest();
$username =
$request->attributes->
get('_switch_user_username'
);
$request->attributes->
remove('_switch_user_username'
);
if (null ===
$this->tokenStorage->
getToken()) { throw new AuthenticationCredentialsNotFoundException('Could not find original Token object.'
);
} if (self::EXIT_VALUE ===
$username) { $this->tokenStorage->
setToken($this->
attemptExitUser($request));
} else { try { $this->tokenStorage->
setToken($this->
attemptSwitchUser($request,
$username));
} catch (AuthenticationException
$e) { // Generate 403 in any conditions to prevent user enumeration vulnerabilities
throw new AccessDeniedException('Switch User failed: '.
$e->
getMessage(),
$e);
} } if (!
$this->stateless
) { $request->query->
remove($this->usernameParameter
);