Merge remote branch 'schmittjoh/security'

* schmittjoh/security:
  changed condition nesting
  [Security] ACL: AclVoter::vote only gets an ObjectIdentity if $object is not an instance of ObjectIdentityInterface
  [SecurityBundle] fixed missing argument EventDisplatcher in RememberMe service

src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml

@@ -22,6 +22,7 @@
             <argument type="service" id="security.authentication.rememberme" />
             <argument type="service" id="security.authentication.manager" />
             <argument type="service" id="logger" on-invalid="null" />
+            <argument type="service" id="event_dispatcher" on-invalid="null"/>
         </service>
         
         <service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">

src/Symfony/Component/Security/Acl/Voter/AclVoter.php

@@ -18,6 +18,7 @@ use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
 use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
 use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
 use Symfony\Component\Security\Acl\Model\AclProviderInterface;
+use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
 use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
 use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
 use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
@@ -78,7 +79,9 @@ class AclVoter implements VoterInterface
                     $field = null;
                 }
 
-                if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
+                if ($object instanceof ObjectIdentityInterface) {
+                    $oid = $object;
+                } else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
                     if (null !== $this->logger) {
                         $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
                     }

src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php

@@ -67,6 +67,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
      * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
      * @param array                          $options               An array of options for the processing of a successful, or failed authentication attempt
      * @param LoggerInterface                $logger                A LoggerInterface instance
+     * @param EventDispatcherInterface       $dispatcher            An EventDispatcherInterface instance
      */
     public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
     {

src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php

@@ -47,6 +47,7 @@ class RememberMeListener implements ListenerInterface
      * @param RememberMeServicesInterface $rememberMeServices
      * @param AuthenticationManagerInterface $authenticationManager
      * @param LoggerInterface $logger
+     * @param EventDispatcherInterface $dispatcher
      */
     public function __construct(SecurityContext $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
     {

tests/Symfony/Tests/Component/Security/Acl/Voter/AclVoterTest.php

@@ -361,6 +361,52 @@ class AclVoterTest extends \PHPUnit_Framework_TestCase
         $this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), new FieldVote(new \stdClass(), 'foo'), array('VIEW')));
     }
     
+    public function testWhenReceivingAnObjectIdentityInterfaceWeDontRetrieveANewObjectIdentity()
+    {
+        list($voter, $provider, $permissionMap, $oidStrategy, $sidStrategy) = $this->getVoter();
+        
+        $oid = new ObjectIdentity('someID','someType');
+        
+        $permissionMap
+            ->expects($this->once())
+            ->method('contains')
+            ->will($this->returnValue(true))
+        ;
+        $permissionMap
+            ->expects($this->once())
+            ->method('getMasks')
+            ->with($this->equalTo('VIEW'))
+            ->will($this->returnValue($masks = array(1, 2, 3)))
+        ;
+
+        $oidStrategy
+            ->expects($this->never())
+            ->method('getObjectIdentity')
+        ;
+
+        $sidStrategy
+            ->expects($this->once())
+            ->method('getSecurityIdentities')
+            ->will($this->returnValue($sids = array(new UserSecurityIdentity('johannes', 'Foo'), new RoleSecurityIdentity('ROLE_FOO'))))
+        ;
+
+        $provider
+            ->expects($this->once())
+            ->method('findAcl')
+            ->with($this->equalTo($oid), $this->equalTo($sids))
+            ->will($this->returnValue($acl = $this->getMock('Symfony\Component\Security\Acl\Model\AclInterface')))
+        ;
+
+        $acl
+            ->expects($this->once())
+            ->method('isGranted')
+            ->with($this->identicalTo($masks), $this->equalTo($sids), $this->isFalse())
+            ->will($this->throwException(new NoAceFoundException('No ACE')))
+        ;
+
+        $voter->vote($this->getToken(), $oid, array('VIEW'));
+    }
+
     protected function getToken()
     {
         return $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');