Added a small Upgrade note regarding security.context
This commit is contained in:
parent
d209d1c35a
commit
ade1fef3ae
@ -643,3 +643,25 @@ FrameworkBundle
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Security
|
||||
---------------
|
||||
|
||||
* Injection of the `security.context` service has been reduced to a bare minimum. This means
|
||||
that arguments that once hinted `SecurityContext` or `SecurityContextInterface` will have
|
||||
to be updated accordingly to either the `TokenStorageInterface` or `AuthorizationCheckerInterface`.
|
||||
The following classes now require the `security.token_storage` service instead of the `security.context`,
|
||||
please update your extending implementations accordingly.
|
||||
|
||||
* `AbstractAuthenticationListener`
|
||||
* `AnonymousAuthenticationListener`
|
||||
* `ContextListener`
|
||||
* `SimplePreAuthenticationListener`
|
||||
* `X509AuthenticationListener`
|
||||
* `RemoteUserAuthenticationListener`
|
||||
* `BasicAuthenticationListener`
|
||||
* `DigestAuthenticationListener`
|
||||
* `ExceptionListener`
|
||||
* `SwitchUserListener`
|
||||
* `AccessListener`
|
||||
* `RememberMeListener`
|
||||
|
@ -14,7 +14,6 @@ namespace Symfony\Bundle\FrameworkBundle\Templating;
|
||||
use Symfony\Component\DependencyInjection\ContainerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Session\Session;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\SecurityContext;
|
||||
|
||||
/**
|
||||
|
@ -101,7 +101,7 @@ class ContextListener implements ListenerInterface
|
||||
}
|
||||
|
||||
/**
|
||||
* Writes the SecurityContext to the session.
|
||||
* Writes the security token into the session.
|
||||
*
|
||||
* @param FilterResponseEvent $event A FilterResponseEvent instance
|
||||
*/
|
||||
@ -121,10 +121,6 @@ class ContextListener implements ListenerInterface
|
||||
$request = $event->getRequest();
|
||||
$session = $request->getSession();
|
||||
|
||||
if (null === $session) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ((null === $token = $this->tokenStorage->getToken()) || ($token instanceof AnonymousToken)) {
|
||||
if ($request->hasPreviousSession()) {
|
||||
$session->remove($this->sessionKey);
|
||||
|
@ -36,8 +36,8 @@ interface RememberMeServicesInterface
|
||||
const COOKIE_ATTR_NAME = '_security_remember_me_cookie';
|
||||
|
||||
/**
|
||||
* This method will be called whenever the SecurityContext does not contain
|
||||
* an TokenInterface object and the framework wishes to provide an implementation
|
||||
* This method will be called whenever the TokenStorage does not contain
|
||||
* a TokenInterface object and the framework wishes to provide an implementation
|
||||
* with an opportunity to authenticate the request using remember-me capabilities.
|
||||
*
|
||||
* No attempt whatsoever is made to determine whether the browser has requested
|
||||
|
@ -27,7 +27,7 @@ interface SessionAuthenticationStrategyInterface
|
||||
/**
|
||||
* This performs any necessary changes to the session.
|
||||
*
|
||||
* This method is called before the SecurityContext is populated with a
|
||||
* This method is called before the TokenStorage is populated with a
|
||||
* Token, and only by classes inheriting from AbstractAuthenticationListener.
|
||||
*
|
||||
* @param Request $request
|
||||
|
Reference in New Issue
Block a user