symfony · fabpot · Sep 24, 2014 · Sep 24, 2014 · wouterj · Aug 29, 2014
diff --git a/UPGRADE-2.6.md b/UPGRADE-2.6.md
@@ -77,3 +77,27 @@ Validator
   ```
   value == null or (YOUR_EXPRESSION)
   ```
+
+Security
+--------
+
+ * The `SecurityContextInterface` is marked as deprecated in favor of the 
+   `Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface` and 
+   `Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface`.
+   ```
+   isGranted  => AuthorizationCheckerInterface
+   getToken   => TokenStorageInterface
+   setToken   => TokenStorageInterface
+   ```
+   The Implementations have moved too, The `SecurityContext` is marked as 
+   deprecated and has been split to use the `AuthorizationCheckerInterface` 
+   and `TokenStorage`. This change is 100% Backwards Compatible as the SecurityContext 
+   delegates the methods.
+
+ * The service `security.context` is deprecated along with the above change. Recommended 
+   to use instead:
+   ```
+   @security.authorization_checker => isGranted()
+   @security.token_storage         => getToken()
+   @security.token_storage         => setToken()
+   ```
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -10,6 +10,7 @@ CHANGELOG
 * Added `Controller::addFlash` helper
 * Added `Controller::isGranted` helper
 * Added `Controller::denyAccessUnlessGranted` helper
+ * Deprecated `app.security` in twig as `app.user` and `is_granted()` are already available

 2.5.0
 -----

diff --git a/src/Symfony/Bundle/FrameworkBundle/Templating/GlobalVariables.php b/src/Symfony/Bundle/FrameworkBundle/Templating/GlobalVariables.php
@@ -12,10 +12,10 @@
 namespace Symfony\Bundle\FrameworkBundle\Templating;

 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Session\Session;
-use Symfony\Component\Security\Core\SecurityContext;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\SecurityContext;

 /**
 * GlobalVariables is the entry point for Symfony global variables in Twig templates.
@@ -37,6 +37,7 @@ public function __construct(ContainerInterface $container)
    /**
     * Returns the security context service.
     *
+     * @deprecated Deprecated since version 2.6, to be removed in 3.0.
     * @return SecurityContext|null The security context
     */
    public function getSecurity()
@@ -55,11 +56,11 @@ public function getSecurity()
     */
    public function getUser()
    {
-        if (!$security = $this->getSecurity()) {
+        if (!$tokenStorage = $this->container->get('security.token_storage')) {
            return;
        }

-        if (!$token = $security->getToken()) {
+        if (!$token = $tokenStorage->getToken()) {
            return;
        }


diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/GlobalVariablesTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/GlobalVariablesTest.php
@@ -0,0 +1,79 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Templating;
+
+use Symfony\Bundle\FrameworkBundle\Templating\GlobalVariables;
+use Symfony\Bundle\FrameworkBundle\Tests\TestCase;
+use Symfony\Component\DependencyInjection\Container;
+
+class GlobalVariablesTest extends TestCase
+{
+    private $container;
+    private $globals;
+
+    public function setUp()
+    {
+        $this->container = new Container();
+        $this->globals = new GlobalVariables($this->container);
+    }
+
+    public function testGetSecurity()
+    {
+        $securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+
+        $this->assertNull($this->globals->getSecurity());
+        $this->container->set('security.context', $securityContext);
+        $this->assertSame($securityContext, $this->globals->getSecurity());
+    }
+
+    public function testGetUser()
+    {
+        // missing test cases to return null, only happy flow tested
+        $securityContext = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface');
+        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+        $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
+
+        $this->container->set('security.token_storage', $securityContext);
+
+        $token
+            ->expects($this->once())
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $securityContext
+            ->expects($this->once())
+            ->method('getToken')
+            ->will($this->returnValue($token));
+
+        $this->assertSame($user, $this->globals->getUser());
+    }
+
+    public function testGetRequest()
+    {
+        $this->markTestIncomplete();
+    }
+
+    public function testGetSession()
+    {
+        $this->markTestIncomplete();
+    }
+
+    public function testGetEnvironment()
+    {
+        $this->markTestIncomplete();
+    }
+
+    public function testGetDubug()
+    {
+        $this->markTestIncomplete();
+    }
+}
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========

+2.6.0
+-----
+
+ * Deprecated the `security.context` service for the `security.token_storage` and 
+   `security.authorization_checker` services.
+
 2.4.0
 -----


diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -6,6 +6,8 @@

    <parameters>
        <parameter key="security.context.class">Symfony\Component\Security\Core\SecurityContext</parameter>
+        <parameter key="security.authorization_checker.class">Symfony\Component\Security\Core\Authorization\AuthorizationChecker</parameter>
+        <parameter key="security.token_storage.class">Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage</parameter>

        <parameter key="security.user_checker.class">Symfony\Component\Security\Core\User\UserChecker</parameter>

@@ -54,11 +56,19 @@

    <services>
        <service id="security.context" class="%security.context.class%">
+            <argument type="service" id="security.token_storage" />
+            <argument type="service" id="security.authorization_checker" />
+        </service>
+
+        <service id="security.authorization_checker" class="%security.authorization_checker.class%">
+            <argument type="service" id="security.token_storage" />
            <argument type="service" id="security.authentication.manager" />
            <argument type="service" id="security.access.decision_manager" />
            <argument>%security.access.always_authenticate_before_granting%</argument>
        </service>

+        <service id="security.token_storage" class="%security.token_storage.class%" />
+
        <!-- Authentication related services -->
        <service id="security.authentication.manager" class="%security.authentication.manager.class%" public="false">
            <argument type="collection" />

diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 -----

 * added Symfony\Component\Security\Http\Authentication\AuthenticationUtils
+ * Deprecated the `SecurityContext` class in favor of the `AuthorizationChecker` and `TokenStorage` classes

 2.4.0
 -----

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
@@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Token\Storage;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+/**
+ * TokenStorage contains a TokenInterface
+ *
+ * It gives access to the token representing the current user authentication.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class TokenStorage implements TokenStorageInterface
+{
+    private $token;
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getToken()
+    {
+        return $this->token;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setToken(TokenInterface $token = null)
+    {
+        $this->token = $token;
+    }
+}
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorageInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorageInterface.php
@@ -0,0 +1,36 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authentication\Token\Storage;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+/**
+ * The TokenStorageInterface.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+interface TokenStorageInterface
+{
+    /**
+     * Returns the current security token.
+     *
+     * @return TokenInterface|null A TokenInterface instance or null if no authentication information is available
+     */
+    public function getToken();
+
+    /**
+     * Sets the authentication token.
+     *
+     * @param TokenInterface $token A TokenInterface token, or null if no further authentication information should be stored
+     */
+    public function setToken(TokenInterface $token = null);
+}
diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -0,0 +1,70 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authorization;
+
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
+
+/**
+ * AuthorizationChecker is the main authorization point of the Security component.
+ *
+ * It gives access to the token representing the current user authentication.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class AuthorizationChecker implements AuthorizationCheckerInterface
+{
+    private $tokenStorage;
+    private $accessDecisionManager;
+    private $authenticationManager;
+    private $alwaysAuthenticate;
+
+    /**
+     * Constructor.
+     *
+     * @param TokenStorageInterface          $tokenStorage
+     * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManager instance
+     * @param AccessDecisionManagerInterface $accessDecisionManager An AccessDecisionManager instance
+     * @param bool                           $alwaysAuthenticate
+     */
+    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, $alwaysAuthenticate = false)
+    {
+        $this->tokenStorage = $tokenStorage;
+        $this->authenticationManager = $authenticationManager;
+        $this->accessDecisionManager = $accessDecisionManager;
+        $this->alwaysAuthenticate = $alwaysAuthenticate;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token.
+     */
+    final public function isGranted($attributes, $object = null)
+    {
+        if (null === ($token = $this->tokenStorage->getToken())) {
+            throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');
+        }
+
+        if ($this->alwaysAuthenticate || !$token->isAuthenticated()) {
+            $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
+        }
+
+        if (!is_array($attributes)) {
+            $attributes = array($attributes);
+        }
+
+        return $this->accessDecisionManager->decide($token, $attributes, $object);
+    }
+}
diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php
@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authorization;
+
+/**
+ * The AuthorizationCheckerInterface.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+interface AuthorizationCheckerInterface
+{
+    /**
+     * Checks if the attributes are granted against the current authentication token and optionally supplied object.
+     *
+     * @param mixed $attributes
+     * @param mixed $object
+     *
+     * @return bool
+     */
+    public function isGranted($attributes, $object = null);
+}
-Original file line number
+Diff line change
@@ -77,3 +77,27 @@ Validator
        ```
        value == null or (YOUR_EXPRESSION)
        ```
+    Security
             Copy link

  
      
    
  

  
      

  
  Member


      

  

  
    
      

      
            wouterj
  

      

      

      


        Aug 29, 2014


      
    

  


        
      
  
  
  
    

    There was a problem hiding this comment.


  

 
  
    

    Choose a reason for hiding this comment

    
      The reason will be displayed to describe this comment to others. Learn more.
    

    
      
      


  


  
    
      shouldn't this be put in the 3.0 upgrade guide? (deprecations aren't documented in upgrade afaik)
    
  
  


    

        
      
  
  
    
  
  
  
    
    Sorry, something went wrong.
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.


  
  


          
      
  
    
    
      
        
            
    All reactions
  


          
          
        
      
    

    



    
        
  
    
        
    
  


      
          
  
      
            Copy link

  
      
    
  

  
      

  
    Contributor


      

  Author


  

  
    
      

      
            linaori
  

      

      

      


        Aug 29, 2014


      
    

  


        
      
  
  
  
    

    There was a problem hiding this comment.


  

 
  
    

    Choose a reason for hiding this comment

    
      The reason will be displayed to describe this comment to others. Learn more.
    

    
      
      


  


  
    
      I have put them here on purpose. When people read it, they will know it will be removed in 3.0. I have no idea where else to give them a heads up.
    
  
  


    

        
      
  
  
    
  
  
  
    
    Sorry, something went wrong.
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.


  
  


          
      
  
    
    
      
        
            
    All reactions
  


          
          
        
      
    

    



    
        
  
    
        
    
  


      
          
  
      
            Copy link

  
      
    
  

  
      

  
  Member


      

  

  
    
      

      
            stof
  

      

      

      


        Aug 29, 2014


      
    

  


        
      
  
  
  
    

    There was a problem hiding this comment.


  

 
  
    

    Choose a reason for hiding this comment

    
      The reason will be displayed to describe this comment to others. Learn more.
    

    
      
      


  


  
    
      @wouterj the deprecated goes in 2.6. The removal in 3.0
    
  
  


    

        
      
  
  
    
  
  
  
    
    Sorry, something went wrong.
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.


  
  


          
      
  
    
    
      
        
            
    All reactions
  


          
          
        
      
    

    



    
        
  
    
        
    
  


      
          
  
      
            Copy link

  
      
    
  

  
      

  
  Member


      

  

  
    
      

      
            wouterj
  

      

      

      


        Aug 29, 2014


      
    

  


        
      
  
  
  
    

    There was a problem hiding this comment.


  

 
  
    

    Choose a reason for hiding this comment

    
      The reason will be displayed to describe this comment to others. Learn more.
    

    
      
      


  


  
    
      @stof but deprecations are put in the changelog of a component and breaks in the upgrade file, or am I wrong?
    
  
  


    

        
      
  
  
    
  
  
  
    
    Sorry, something went wrong.
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.


  
  


          
      
  
    
    
      
        
            
    All reactions
+    --------
+     * The `SecurityContextInterface` is marked as deprecated in favor of the
+       `Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface` and
+       `Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface`.
+       ```
+       isGranted  => AuthorizationCheckerInterface
+       getToken   => TokenStorageInterface
+       setToken   => TokenStorageInterface
+       ```
+       The Implementations have moved too, The `SecurityContext` is marked as
+       deprecated and has been split to use the `AuthorizationCheckerInterface`
+       and `TokenStorage`. This change is 100% Backwards Compatible as the SecurityContext
+       delegates the methods.
+     * The service `security.context` is deprecated along with the above change. Recommended
+       to use instead:
+       ```
+       @security.authorization_checker => isGranted()
+       @security.token_storage         => getToken()
+       @security.token_storage         => setToken()
+       ```