symfony
diff --git a/‎UPGRADE-3.4.md
Copy file name to clipboardExpand all lines: UPGRADE-3.4.md
+3Lines changed: 3 additions & 0 deletions b/‎UPGRADE-3.4.md
Copy file name to clipboardExpand all lines: UPGRADE-3.4.md
+3Lines changed: 3 additions & 0 deletions
diff --git a/‎UPGRADE-4.0.md
Copy file name to clipboardExpand all lines: UPGRADE-4.0.md
+2Lines changed: 2 additions & 0 deletions b/‎UPGRADE-4.0.md
Copy file name to clipboardExpand all lines: UPGRADE-4.0.md
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+8-2Lines changed: 8 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+8-2Lines changed: 8 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+2Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+26Lines changed: 26 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+26Lines changed: 26 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
+13Lines changed: 13 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
+13Lines changed: 13 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
Copy file name to clipboard
+13Lines changed: 13 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
Copy file name to clipboard
+13Lines changed: 13 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+9-6Lines changed: 9 additions & 6 deletions b/‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
+9-6Lines changed: 9 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
+25Lines changed: 25 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
+25Lines changed: 25 additions & 0 deletions
@@ -302,6 +302,9 @@ SecurityBundle
 
  * Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
    Use another authentication system like `http_basic` instead.
+   
+ * Deprecated setting the `switch_user.stateless` option to false when the firewall is `stateless`.
+   Setting it to false will have no effect in 4.0.
 
 Translation
 -----------
 
@@ -677,6 +677,8 @@ SecurityBundle
 
  * Removed the HTTP digest authentication system. The `HttpDigestFactory` class
    has been removed. Use another authentication system like `http_basic` instead.
+   
+ * The `switch_user.stateless` option is now always true if the firewall is stateless.
 
 Serializer
 ----------
 
@@ -14,6 +14,7 @@ CHANGELOG
  * deprecated HTTP digest authentication
  * deprecated command `acl:set` along with `SetAclCommand` class
  * deprecated command `init:acl` along with `InitAclCommand` class
+ * added `stateless` option to the `switch_user` listener
 
 3.3.0
 -----
 
@@ -304,6 +304,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->scalarNode('provider')->end()
                     ->scalarNode('parameter')->defaultValue('_switch_user')->end()
                     ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
+                    ->booleanNode('stateless')->defaultValue(false)->end()
                 ->end()
             ->end()
         ;
 
@@ -455,7 +455,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
         // Switch user listener
         if (isset($firewall['switch_user'])) {
             $listenerKeys[] = 'switch_user';
-            $listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider));
+            $listeners[] = new Reference($this->createSwitchUserListener($container, $id, $firewall['switch_user'], $defaultProvider, $firewall['stateless']));
         }
 
         // Access listener
@@ -686,17 +686,23 @@ private function createExceptionListener($container, $config, $id, $defaultEntry
         return $exceptionListenerId;
     }
 
-    private function createSwitchUserListener($container, $id, $config, $defaultProvider)
+    private function createSwitchUserListener($container, $id, $config, $defaultProvider, $stateless)
     {
         $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider;
 
+        // in 4.0, deprecate and ignore the `switch_user.stateless` key, consider only "stateless" at firewall level and deprecate the `switch_user
+        if ($stateless && false === $config['stateless']) {
+            @trigger_error(sprintf('Firewall "%s" is configured as "stateless" but the "switch_user.stateless" key is set to false. Both should have the same value, the firewall\'s "stateless" value will be used as default value for the "switch_user.stateless" key in 4.0.', $id), E_USER_DEPRECATED);
+        }
+
         $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
         $listener = $container->setDefinition($switchUserListenerId, new ChildDefinition('security.authentication.switchuser_listener'));
         $listener->replaceArgument(1, new Reference($userProvider));
         $listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
         $listener->replaceArgument(3, $id);
         $listener->replaceArgument(6, $config['parameter']);
         $listener->replaceArgument(7, $config['role']);
+        $listener->replaceArgument(9, $config['stateless']);
 
         return $switchUserListenerId;
     }
 
@@ -241,6 +241,7 @@
             <argument>_switch_user</argument>
             <argument>ROLE_ALLOWED_TO_SWITCH</argument>
             <argument type="service" id="event_dispatcher" on-invalid="null"/>
+            <argument>false</argument> <!-- Stateless -->
         </service>
 
         <service id="security.access_listener" class="Symfony\Component\Security\Http\Firewall\AccessListener">
 
@@ -129,6 +129,7 @@ public function testFirewalls()
                 array(
                     'parameter' => '_switch_user',
                     'role' => 'ROLE_ALLOWED_TO_SWITCH',
+                    'stateless' => true,
                 ),
             ),
             array(
@@ -255,6 +256,7 @@ public function testFirewallsWithDigest()
                 array(
                     'parameter' => '_switch_user',
                     'role' => 'ROLE_ALLOWED_TO_SWITCH',
+                    'stateless' => true,
                 ),
             ),
             array(
 
@@ -65,7 +65,7 @@
             'http_basic' => true,
             'form_login' => true,
             'anonymous' => true,
-            'switch_user' => true,
+            'switch_user' => array('stateless' => true),
             'x509' => true,
             'remote_user' => true,
             'logout' => true,
 
@@ -67,7 +67,7 @@
             'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,
             'anonymous' => true,
-            'switch_user' => true,
+            'switch_user' => array('stateless' => true),
             'x509' => true,
             'remote_user' => true,
             'logout' => true,
 
@@ -67,7 +67,7 @@
             'http_digest' => array('secret' => 'TheSecret'),
             'form_login' => true,
             'anonymous' => true,
-            'switch_user' => true,
+            'switch_user' => array('stateless' => true),
             'x509' => true,
             'remote_user' => true,
             'logout' => true,
 
@@ -17,7 +17,7 @@
             'http_basic' => true,
             'form_login' => true,
             'anonymous' => true,
-            'switch_user' => true,
+            'switch_user' => array('stateless' => true),
             'x509' => true,
             'remote_user' => true,
             'logout' => true,
 
@@ -49,7 +49,7 @@
             <http-basic />
             <form-login />
             <anonymous />
-            <switch-user />
+            <switch-user stateless="true" />
             <x509 />
             <remote-user />
             <user-checker />
 
@@ -51,7 +51,7 @@
             <http-digest secret="TheSecret" />
             <form-login />
             <anonymous />
-            <switch-user />
+            <switch-user stateless="true" />
             <x509 />
             <remote-user />
             <user-checker />
 
@@ -52,7 +52,7 @@
             <http-digest secret="TheSecret" />
             <form-login />
             <anonymous />
-            <switch-user />
+            <switch-user stateless="true" />
             <x509 />
             <remote-user />
             <user-checker />
 
@@ -17,7 +17,7 @@
             <http-basic />
             <form-login />
             <anonymous />
-            <switch-user />
+            <switch-user stateless="true" />
             <x509 />
             <remote-user />
             <user-checker />
 
@@ -47,7 +47,8 @@ security:
             http_basic: true
             form_login: true
             anonymous: true
-            switch_user: true
+            switch_user:
+                stateless: true
             x509: true
             remote_user: true
             logout: true
 
@@ -50,7 +50,8 @@ security:
                 secret: TheSecret
             form_login: true
             anonymous: true
-            switch_user: true
+            switch_user:
+                stateless: true
             x509: true
             remote_user: true
             logout: true
 
@@ -50,7 +50,8 @@ security:
                 secret: TheSecret
             form_login: true
             anonymous: true
-            switch_user: true
+            switch_user:
+                stateless: true
             x509: true
             remote_user: true
             logout: true
 
@@ -12,7 +12,8 @@ security:
             http_basic: true
             form_login: true
             anonymous: true
-            switch_user: true
+            switch_user:
+                stateless: true
             x509: true
             remote_user: true
             logout: true
 
@@ -148,6 +148,32 @@ public function testDeprecationForUserLogout()
         $container->compile();
     }
 
+    /**
+     * @group legacy
+     * @expectedDeprecation Firewall "some_firewall" is configured as "stateless" but the "switch_user.stateless" key is set to false. Both should have the same value, the firewall's "stateless" value will be used as default value for the "switch_user.stateless" key in 4.0.
+     */
+    public function testSwitchUserNotStatelessOnStatelessFirewall()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', array(
+            'providers' => array(
+                'default' => array('id' => 'foo'),
+            ),
+
+            'firewalls' => array(
+                'some_firewall' => array(
+                    'stateless' => true,
+                    'http_basic' => null,
+                    'switch_user' => array('stateless' => false),
+                    'logout_on_user_change' => true,
+                ),
+            ),
+        ));
+
+        $container->compile();
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();
 
@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
 
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
 
 class SwitchUserTest extends WebTestCase
@@ -50,6 +51,18 @@ public function testSwitchedUserExit()
         $this->assertEquals('user_can_switch', $client->getProfile()->getCollector('security')->getUser());
     }
 
+    public function testSwitchUserStateless()
+    {
+        $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml'));
+        $client->request('POST', '/chk', array('_switch_user' => 'dunglas'), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');
+        $response = $client->getResponse();
+
+        $this->assertInstanceOf(JsonResponse::class, $response);
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame(array('message' => 'Welcome @dunglas!'), json_decode($response->getContent(), true));
+        $this->assertSame('dunglas', $client->getProfile()->getCollector('security')->getUser());
+    }
+
     public function getTestParameters()
     {
         return array(
 
@@ -0,0 +1,13 @@
+imports:
+    - { resource: ./config.yml }
+
+security:
+    providers:
+        in_memory:
+            memory:
+                users:
+                    user_can_switch: { password: test, roles: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH] }
+    firewalls:
+        main:
+            switch_user:
+                stateless: true
@@ -49,8 +49,9 @@ class SwitchUserListener implements ListenerInterface
     private $role;
     private $logger;
     private $dispatcher;
+    private $stateless;
 
-    public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null)
+    public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, UserCheckerInterface $userChecker, $providerKey, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, $usernameParameter = '_switch_user', $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null, $stateless = false)
     {
         if (empty($providerKey)) {
             throw new \InvalidArgumentException('$providerKey must not be empty.');
@@ -65,6 +66,7 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt
         $this->role = $role;
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;
+        $this->stateless = $stateless;
     }
 
     /**
@@ -92,12 +94,13 @@ public function handle(GetResponseEvent $event)
             }
         }
 
-        $request->query->remove($this->usernameParameter);
-        $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
+        if (!$this->stateless) {
+            $request->query->remove($this->usernameParameter);
+            $request->server->set('QUERY_STRING', http_build_query($request->query->all()));
+            $response = new RedirectResponse($request->getUri(), 302);
 
-        $response = new RedirectResponse($request->getUri(), 302);
-
-        $event->setResponse($response);
+            $event->setResponse($response);
+        }
     }
 
     /**
 
@@ -266,4 +266,29 @@ public function testSwitchUserWithReplacedToken()
 
         $this->assertSame($replacedToken, $this->tokenStorage->getToken());
     }
+
+    public function testSwitchUserStateless()
+    {
+        $token = new UsernamePasswordToken('username', '', 'key', array('ROLE_FOO'));
+        $user = new User('username', 'password', array());
+
+        $this->tokenStorage->setToken($token);
+        $this->request->query->set('_switch_user', 'kuba');
+
+        $this->accessDecisionManager->expects($this->once())
+            ->method('decide')->with($token, array('ROLE_ALLOWED_TO_SWITCH'))
+            ->will($this->returnValue(true));
+
+        $this->userProvider->expects($this->once())
+            ->method('loadUserByUsername')->with('kuba')
+            ->will($this->returnValue($user));
+        $this->userChecker->expects($this->once())
+            ->method('checkPostAuth')->with($user);
+
+        $listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, null, '_switch_user', 'ROLE_ALLOWED_TO_SWITCH', null, true);
+        $listener->handle($this->event);
+
+        $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $this->tokenStorage->getToken());
+        $this->assertFalse($this->event->hasResponse());
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -304,6 +304,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto`
`304`	`304`	`->scalarNode('provider')->end()`
`305`	`305`	`->scalarNode('parameter')->defaultValue('_switch_user')->end()`
`306`	`306`	`->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()`
	`307`	`+ ->booleanNode('stateless')->defaultValue(false)->end()`
`307`	`308`	`->end()`
`308`	`309`	`->end()`
`309`	`310`	`;`