diff --git a/UPGRADE-3.4.md b/UPGRADE-3.4.md
index 6561c15a0b46f..3bfbde4b32d5c 100644
--- a/UPGRADE-3.4.md
+++ b/UPGRADE-3.4.md
@@ -316,6 +316,10 @@ SecurityBundle
* Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
Use another authentication system like `http_basic` instead.
+
+ * Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
+ Using the first configured provider is deprecated since 3.4 and will throw an exception on 4.0.
+ Explicitly configure the provider to use on your firewalls.
Translation
-----------
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
index 688a309466b5d..c3ba0ed84c9d4 100644
--- a/UPGRADE-4.0.md
+++ b/UPGRADE-4.0.md
@@ -693,6 +693,10 @@ SecurityBundle
* Removed the HTTP digest authentication system. The `HttpDigestFactory` class
has been removed. Use another authentication system like `http_basic` instead.
+
+ * Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
+ The first configured provider is not used anymore and an exception is thrown instead.
+ Explicitly configure the provider to use on your firewalls.
Serializer
----------
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 4d5a1b8f86eab..9b02ebac34eee 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -17,6 +17,7 @@ CHANGELOG
* deprecated command `acl:set` along with `SetAclCommand` class
* deprecated command `init:acl` along with `InitAclCommand` class
* Added support for the new Argon2i password encoder
+ * deprecated auto picking the first registered provider when no configured provider on a firewall and ambiguous
3.3.0
-----
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 45ab00ac47871..231d5dae7223d 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -359,6 +359,10 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
$defaultProvider = $providerIds[$normalizedName];
} else {
$defaultProvider = reset($providerIds);
+
+ if (count($providerIds) > 1) {
+ @trigger_error(sprintf('Firewall "%s" has no "provider" set but multiple providers exist. Using the first configured provider (%s) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.', $id, key($providerIds)), E_USER_DEPRECATED);
+ }
}
$config->replaceArgument(5, $defaultProvider);
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
index a80f880f80850..433c9ed2ecb22 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -60,8 +60,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
@@ -74,6 +75,7 @@
'logout_on_user_change' => true,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -82,6 +84,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
index fc9b07c4f18b2..4dd85111cfb22 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
@@ -61,8 +61,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
@@ -75,6 +76,7 @@
'user_checker' => null,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -82,6 +84,7 @@
'http_basic' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
index 581407fcc05a5..df57aee64bac7 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
@@ -61,8 +61,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
@@ -76,6 +77,7 @@
'logout_on_user_change' => true,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -84,6 +86,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
index 01a5940d8c699..56052deb4a1a1 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -43,9 +43,9 @@
-
+
-
+
@@ -57,12 +57,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
index 6d43fcdc4ff80..fbe21f0bb1742 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
@@ -44,9 +44,9 @@
-
+
-
+
@@ -59,12 +59,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
index e5049f2033e51..790a90714a4e1 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
@@ -45,9 +45,9 @@
-
+
-
+
@@ -60,12 +60,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
index d9489abca1358..292154660b6dc 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
@@ -43,6 +43,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
form_login: true
@@ -56,6 +57,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -64,6 +66,7 @@ security:
logout_on_user_change: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
index e8ed61ef031b9..176494e8ba93f 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
@@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
http_digest:
@@ -59,6 +60,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -66,6 +68,7 @@ security:
http_basic: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
index a2b57201bfbd2..1e984256f33d1 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
@@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
http_digest:
@@ -59,6 +60,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -67,6 +69,7 @@ security:
logout_on_user_change: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
index 1055e4afd40f6..3dd1f817ae618 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -148,6 +148,31 @@ public function testDeprecationForUserLogout()
$container->compile();
}
+ /**
+ * @group legacy
+ * @expectedDeprecation Firewall "default" has no "provider" set but multiple providers exist. Using the first configured provider (first) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.
+ */
+ public function testDeprecationForAmbiguousProvider()
+ {
+ $container = $this->getRawContainer();
+
+ $container->loadFromExtension('security', array(
+ 'providers' => array(
+ 'first' => array('id' => 'foo'),
+ 'second' => array('id' => 'bar'),
+ ),
+
+ 'firewalls' => array(
+ 'default' => array(
+ 'http_basic' => null,
+ 'logout_on_user_change' => true,
+ ),
+ ),
+ ));
+
+ $container->compile();
+ }
+
protected function getRawContainer()
{
$container = new ContainerBuilder();