symfony
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/AccessListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+5-3Lines changed: 5 additions & 3 deletions b/‎src/Symfony/Component/Security/Http/Firewall/AccessListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+5-3Lines changed: 5 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+29Lines changed: 29 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+29Lines changed: 29 additions & 0 deletions
@@ -95,11 +95,13 @@ public function authenticate(RequestEvent $event)
                 return;
             }
 
-            if ([self::PUBLIC_ACCESS] === $attributes) {
-                return;
+            if ([self::PUBLIC_ACCESS] !== $attributes) {
+                throw $this->createAccessDeniedException($request, $attributes);
             }
+        }
 
-            throw $this->createAccessDeniedException($request, $attributes);
+        if ([self::PUBLIC_ACCESS] === $attributes) {
+            return;
         }
 
         if (!$token->isAuthenticated()) {
 
@@ -18,8 +18,10 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Http\AccessMapInterface;
 use Symfony\Component\Security\Http\Event\LazyResponseEvent;
 use Symfony\Component\Security\Http\Firewall\AccessListener;
@@ -279,6 +281,33 @@ public function testHandleWhenPublicAccessIsAllowedAndExceptionOnTokenIsFalse()
         $this->expectNotToPerformAssertions();
     }
 
+    public function testHandleWhenPublicAccessWhileAuthenticated()
+    {
+        $token = new UsernamePasswordToken(new User('Wouter', null, ['ROLE_USER']), null, 'main', ['ROLE_USER']);
+        $tokenStorage = new TokenStorage();
+        $tokenStorage->setToken($token);
+        $request = new Request();
+
+        $accessMap = $this->createMock(AccessMapInterface::class);
+        $accessMap->expects($this->any())
+            ->method('getPatterns')
+            ->with($this->equalTo($request))
+            ->willReturn([[AccessListener::PUBLIC_ACCESS], null])
+        ;
+
+        $listener = new AccessListener(
+            $tokenStorage,
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')->getMock(),
+            $accessMap,
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            false
+        );
+
+        $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MASTER_REQUEST));
+
+        $this->expectNotToPerformAssertions();
+    }
+
     public function testHandleMWithultipleAttributesShouldBeHandledAsAnd()
     {
         $request = new Request();
Original file line number	Diff line number	Diff line change
`@@ -95,11 +95,13 @@ public function authenticate(RequestEvent $event)`
`95`	`95`	`return;`
`96`	`96`	`}`
`97`	`97`
`98`		`- if ([self::PUBLIC_ACCESS] === $attributes) {`
`99`		`- return;`
	`98`	`+ if ([self::PUBLIC_ACCESS] !== $attributes) {`
	`99`	`+ throw $this->createAccessDeniedException($request, $attributes);`
`100`	`100`	`}`
	`101`	`+ }`
`101`	`102`
`102`		`- throw $this->createAccessDeniedException($request, $attributes);`
	`103`	`+ if ([self::PUBLIC_ACCESS] === $attributes) {`
	`104`	`+ return;`
`103`	`105`	`}`
`104`	`106`
`105`	`107`	`if (!$token->isAuthenticated()) {`