Redirect anonymous user to login page - create a custom module [Drupal 8]

In some cases, Websites do not allow anonymous users to access the content. Recently I did have a similar situation where I have created a custom module for it, in Drupal 8.

In the following text, I'll explain to you step by step how to create it. The module name is anonymous_redirect.

First of all, create a folder named "anonymous_redirect" in your modules folder.

Then in module root create a '.info.yml' file to define it. Name it "anonymous_redirect.info.yml".

Paste this code into it:

name: Anonymous redirect
description: Anonymous redirect functionality.
package: Custom
type: module
version: '8.x-1.0'
core: '8.x'
project: 'anonymous_redirect'

Next, as we will use 'event subscriber' for this module, we'll define it.

Create a file  "anonymous_redirect.services.yml", again in module root, and paste the content below:

services:
  anonymous_redirect.event_subscriber:  
    class: Drupal\anonymous_redirect\EventSubscriber\RedirectAnonymousSubscriber
    arguments: []
    tags:
      - {name: event_subscriber}

Now we need to create that event subscriber, in the module root folder. Create a folder "src", then in that newly created folder create another folder "EventSubscriber".

In "EventSubscriber" create a file, and name it "RedirectAnonymousSubscriber.php", which will be our 'event subscriber'. Paste the following content in that file:

<?php
 
namespace Drupal\anonymous_redirect\EventSubscriber;
 
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
/**
 * Event subscriber subscribing to KernelEvents::REQUEST.
 */
class RedirectAnonymousSubscriber implements EventSubscriberInterface {
  public function checkAuthStatus(GetResponseEvent $event) {
    global $base_url;
 
    if (
      \Drupal::currentUser()->isAnonymous() &&
      \Drupal::routeMatch()->getRouteName() != 'user.login' &&
      \Drupal::routeMatch()->getRouteName() != 'user.reset' &&
      \Drupal::routeMatch()->getRouteName() != 'user.reset.form' &&
      \Drupal::routeMatch()->getRouteName() != 'user.reset.login' &&
      \Drupal::routeMatch()->getRouteName() != 'user.pass' ) {
      // add logic to check other routes you want available to anonymous users,
      // otherwise, redirect to login page.
      $route_name = \Drupal::routeMatch()->getRouteName();
     
      if (strpos($route_name, 'view') === 0 && strpos($route_name, 'rest_') !== FALSE) {
        return;
      }
      $response = new RedirectResponse($base_url . '/user/login', 301);
      $event->setResponse($response);
      $event->stopPropagation();
      return;
    }
  }
  public static function getSubscribedEvents() {
    $events[KernelEvents::REQUEST][] = array('checkAuthStatus');
    return $events;
  }
}

What we did here is that we have checked if the user is not logged in and that the route name he is currently occupying is not one of the user login/password reset form - in which case it will always redirect him to the user login page.

And that's it. You can also add some other routes which will not be affected by this redirect.

Activate the module, and try it yourself.