diff --git a/UPGRADE-3.4.md b/UPGRADE-3.4.md
index 6561c15a0b46..3bfbde4b32d5 100644
--- a/UPGRADE-3.4.md
+++ b/UPGRADE-3.4.md
@@ -316,6 +316,10 @@ SecurityBundle
* Deprecated the HTTP digest authentication: `HttpDigestFactory` will be removed in 4.0.
Use another authentication system like `http_basic` instead.
+
+ * Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
+ Using the first configured provider is deprecated since 3.4 and will throw an exception on 4.0.
+ Explicitly configure the provider to use on your firewalls.
Translation
-----------
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
index 688a309466b5..c3ba0ed84c9d 100644
--- a/UPGRADE-4.0.md
+++ b/UPGRADE-4.0.md
@@ -693,6 +693,10 @@ SecurityBundle
* Removed the HTTP digest authentication system. The `HttpDigestFactory` class
has been removed. Use another authentication system like `http_basic` instead.
+
+ * Not configuring explicitly the provider on a firewall is ambiguous when there is more than one registered provider.
+ The first configured provider is not used anymore and an exception is thrown instead.
+ Explicitly configure the provider to use on your firewalls.
Serializer
----------
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 4d5a1b8f86ea..9b02ebac34ee 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -17,6 +17,7 @@ CHANGELOG
* deprecated command `acl:set` along with `SetAclCommand` class
* deprecated command `init:acl` along with `InitAclCommand` class
* Added support for the new Argon2i password encoder
+ * deprecated auto picking the first registered provider when no configured provider on a firewall and ambiguous
3.3.0
-----
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 45ab00ac4787..231d5dae7223 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -359,6 +359,10 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
$defaultProvider = $providerIds[$normalizedName];
} else {
$defaultProvider = reset($providerIds);
+
+ if (count($providerIds) > 1) {
+ @trigger_error(sprintf('Firewall "%s" has no "provider" set but multiple providers exist. Using the first configured provider (%s) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.', $id, key($providerIds)), E_USER_DEPRECATED);
+ }
}
$config->replaceArgument(5, $defaultProvider);
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
index a80f880f8085..433c9ed2ecb2 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -60,8 +60,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'form_login' => true,
'anonymous' => true,
@@ -74,6 +75,7 @@
'logout_on_user_change' => true,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -82,6 +84,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
index fc9b07c4f18b..4dd85111cfb2 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php
@@ -61,8 +61,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
@@ -75,6 +76,7 @@
'user_checker' => null,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -82,6 +84,7 @@
'http_basic' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
index 581407fcc05a..df57aee64bac 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_digest.php
@@ -61,8 +61,9 @@
),
'firewalls' => array(
- 'simple' => array('pattern' => '/login', 'security' => false),
+ 'simple' => array('provider' => 'default', 'pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
+ 'provider' => 'default',
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
@@ -76,6 +77,7 @@
'logout_on_user_change' => true,
),
'host' => array(
+ 'provider' => 'default',
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
@@ -84,6 +86,7 @@
'logout_on_user_change' => true,
),
'with_user_checker' => array(
+ 'provider' => 'default',
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
index 01a5940d8c69..56052deb4a1a 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -43,9 +43,9 @@
-
+
-
+
@@ -57,12 +57,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
index 6d43fcdc4ff8..fbe21f0bb174 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml
@@ -44,9 +44,9 @@
-
+
-
+
@@ -59,12 +59,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
index e5049f2033e5..790a90714a4e 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_digest.xml
@@ -45,9 +45,9 @@
-
+
-
+
@@ -60,12 +60,12 @@
-
+
-
+
app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
index d9489abca135..292154660b6d 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
@@ -43,6 +43,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
form_login: true
@@ -56,6 +57,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -64,6 +66,7 @@ security:
logout_on_user_change: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
index e8ed61ef031b..176494e8ba93 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml
@@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
http_digest:
@@ -59,6 +60,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -66,6 +68,7 @@ security:
http_basic: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
index a2b57201bfbd..1e984256f33d 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_digest.yml
@@ -44,6 +44,7 @@ security:
firewalls:
simple: { pattern: /login, security: false }
secure:
+ provider: default
stateless: true
http_basic: true
http_digest:
@@ -59,6 +60,7 @@ security:
user_checker: ~
host:
+ provider: default
pattern: /test
host: foo\.example\.org
methods: [GET,POST]
@@ -67,6 +69,7 @@ security:
logout_on_user_change: true
with_user_checker:
+ provider: default
anonymous: ~
http_basic: ~
user_checker: app.user_checker
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
index 1055e4afd40f..3dd1f817ae61 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -148,6 +148,31 @@ public function testDeprecationForUserLogout()
$container->compile();
}
+ /**
+ * @group legacy
+ * @expectedDeprecation Firewall "default" has no "provider" set but multiple providers exist. Using the first configured provider (first) is deprecated since 3.4 and will throw an exception in 4.0, set the "provider" key on the firewall instead.
+ */
+ public function testDeprecationForAmbiguousProvider()
+ {
+ $container = $this->getRawContainer();
+
+ $container->loadFromExtension('security', array(
+ 'providers' => array(
+ 'first' => array('id' => 'foo'),
+ 'second' => array('id' => 'bar'),
+ ),
+
+ 'firewalls' => array(
+ 'default' => array(
+ 'http_basic' => null,
+ 'logout_on_user_change' => true,
+ ),
+ ),
+ ));
+
+ $container->compile();
+ }
+
protected function getRawContainer()
{
$container = new ContainerBuilder();