f557f943ba
This PR was squashed before being merged into the 4.2-dev branch (closes #26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN
1.2 KiB
1.2 KiB
UPGRADE FROM 4.1 to 4.2
Security
- Using the
has_role()function in security expressions is deprecated, use theis_granted()function instead. - Not returning an array of 3 elements from
FirewallMapInterface::getListeners()is deprecated, the 3rd element must be an instance ofLogoutListenerornull. - Passing custom class names to the
Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverto define custom anonymous and remember me token classes is deprecated. To use custom tokens, extend the existingSymfony\Component\Security\Core\Authentication\Token\AnonymousTokenorSymfony\Component\Security\Core\Authentication\Token\RememberMeToken.
SecurityBundle
- Passing a
FirewallConfiginstance as 3rd argument to theFirewallContextconstructor is deprecated, pass aLogoutListenerinstance instead. - Using the
security.authentication.trust_resolver.anonymous_classandsecurity.authentication.trust_resolver.rememberme_classparameters to define the token classes is deprecated. To use custom tokens extend the existing AnonymousToken and RememberMeToken.