|
11 | 11 |
|
12 | 12 | namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
|
13 | 13 |
|
| 14 | +use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\GuardFactoryInterface; |
14 | 15 | use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
|
15 | 16 | use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
|
16 | 17 | use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
|
@@ -53,6 +54,8 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
53 | 54 | private $userProviderFactories = [];
|
54 | 55 | private $statelessFirewallKeys = [];
|
55 | 56 |
|
| 57 | + private $guardAuthenticationManagerEnabled = false; |
| 58 | + |
56 | 59 | public function __construct()
|
57 | 60 | {
|
58 | 61 | foreach ($this->listenerPositions as $position) {
|
@@ -140,6 +143,8 @@ public function load(array $configs, ContainerBuilder $container)
|
140 | 143 | $container->setParameter('security.access.always_authenticate_before_granting', $config['always_authenticate_before_granting']);
|
141 | 144 | $container->setParameter('security.authentication.hide_user_not_found', $config['hide_user_not_found']);
|
142 | 145 |
|
| 146 | + $this->guardAuthenticationManagerEnabled = $config['guard_authentication_manager']; |
| 147 | + |
143 | 148 | $this->createFirewalls($config, $container);
|
144 | 149 | $this->createAuthorization($config, $container);
|
145 | 150 | $this->createRoleHierarchy($config, $container);
|
@@ -262,8 +267,13 @@ private function createFirewalls(array $config, ContainerBuilder $container)
|
262 | 267 | $authenticationProviders = array_map(function ($id) {
|
263 | 268 | return new Reference($id);
|
264 | 269 | }, array_values(array_unique($authenticationProviders)));
|
| 270 | + $authenticationManagerId = 'security.authentication.manager.provider'; |
| 271 | + if ($this->guardAuthenticationManagerEnabled) { |
| 272 | + $authenticationManagerId = 'security.authentication.manager.guard'; |
| 273 | + $container->setAlias('security.authentication.manager', new Alias($authenticationManagerId)); |
| 274 | + } |
265 | 275 | $container
|
266 |
| - ->getDefinition('security.authentication.manager') |
| 276 | + ->getDefinition($authenticationManagerId) |
267 | 277 | ->replaceArgument(0, new IteratorArgument($authenticationProviders))
|
268 | 278 | ;
|
269 | 279 |
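Review bot: The string keys assigned in the guard branch of createAuthenticationListeners (`$authenticationProviders[$id.'_'.$key] = ...`) are discarded by the `array_values(array_unique($authenticationProviders))` call just above the added lines, assuming it is the same array passed by reference, which this hunk does not show. If `security.authentication.manager.guard` is meant to know which firewall each authenticator belongs to, its argument has to be built before the keys are dropped; if not, a plain `$authenticationProviders[] = ...` in the guard branch would be less misleading. The `security.authentication.manager` alias is also only set when the flag is on, so the default case depends on the service configuration (not visible here) still exposing that id after the definition was renamed to `security.authentication.manager.provider`. createFirewalls starts and ends outside this hunk.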
|
@@ -462,27 +472,20 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
|
462 | 472 | $key = str_replace('-', '_', $factory->getKey());
|
463 | 473 |
|
464 | 474 | if (isset($firewall[$key])) {
|
465 |
| - if (isset($firewall[$key]['provider'])) { |
466 |
| - if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall[$key]['provider'])])) { |
467 |
| - throw new InvalidConfigurationException(sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$key]['provider'])); |
| 475 | + $userProvider = $this->getUserProvider($container, $id, $firewall, $key, $defaultProvider, $providerIds); |
| 476 | + |
| 477 | + if ($this->guardAuthenticationManagerEnabled) { |
| 478 | + if (!$factory instanceof GuardFactoryInterface) { |
| 479 | + throw new InvalidConfigurationException(sprintf('Cannot configure GuardAuthenticationManager as %s authentication does not support it, set security.guard_authentication_manager to `false`.', $key)); |
468 | 480 | }
|
469 |
| - $userProvider = $providerIds[$normalizedName]; |
470 |
| - } elseif ('remember_me' === $key) { |
471 |
| - // RememberMeFactory will use the firewall secret when created |
472 |
| - $userProvider = null; |
473 |
| - } elseif ($defaultProvider) { |
474 |
| - $userProvider = $defaultProvider; |
475 |
| - } elseif (empty($providerIds)) { |
476 |
| - $userProvider = sprintf('security.user.provider.missing.%s', $key); |
477 |
| - $container->setDefinition($userProvider, (new ChildDefinition('security.user.provider.missing'))->replaceArgument(0, $id)); |
478 |
| - } else { |
479 |
| - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $key, $id)); |
480 |
| - } |
481 | 481 |
|
482 |
| - list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint); |
| 482 | + $authenticationProviders[$id.'_'.$key] = $factory->createGuard($container, $id, $firewall[$key], $userProvider); |
| 483 | + } else { |
| 484 | + list($provider, $listenerId, $defaultEntryPoint) = $factory->create($container, $id, $firewall[$key], $userProvider, $defaultEntryPoint); |
483 | 485 |
|
484 |
| - $listeners[] = new Reference($listenerId); |
485 |
| - $authenticationProviders[] = $provider; |
| 486 | + $listeners[] = new Reference($listenerId); |
| 487 | + $authenticationProviders[] = $provider; |
| 488 | + } |
486 | 489 | $hasListeners = true;
|
487 | 490 | }
|
488 | 491 | }
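Review bot: In the guard branch (new lines 477-482) nothing is appended to `$listeners` and `$defaultEntryPoint` is left as it was, yet `$hasListeners = true` still runs after the if/else. Unless code outside this hunk registers one, a firewall configured only with guard authenticators ends up with no authentication listener and no entry point, while anything that relies on `$hasListeners` treats it as correctly configured. I would either register the listener that drives the guard manager in this branch or leave `$hasListeners` false until one exists, so the misconfiguration fails at container build time. Separately, `getUserProvider()` is now called before the `instanceof GuardFactoryInterface` check and may register a placeholder provider definition just before the exception is thrown; doing the `instanceof` check first avoids that side effect. The function body continues outside the hunk.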
|
@@ -519,6 +522,40 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri
|
519 | 522 | return [$listeners, $defaultEntryPoint];
|
520 | 523 | }
|
521 | 524 |
|
| 525 | + private function getUserProvider(ContainerBuilder $container, string $id, array $firewall, string $factoryKey, ?string $defaultProvider, array $providerIds): ?string |
| 526 | + { |
| 527 | + if (isset($firewall[$factoryKey]['provider'])) { |
| 528 | + if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall[$factoryKey]['provider'])])) { |
| 529 | + throw new InvalidConfigurationException( |
| 530 | + sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$factoryKey]['provider']) |
| 531 | + ); |
| 532 | + } |
| 533 | + |
| 534 | + return $providerIds[$normalizedName]; |
| 535 | + } |
| 536 | + |
| 537 | + if ('remember_me' === $factoryKey) { |
| 538 | + // RememberMeFactory will use the firewall secret when created |
| 539 | + return null; |
| 540 | + } |
| 541 | + |
| 542 | + if ($defaultProvider) { |
| 543 | + return $defaultProvider; |
| 544 | + } |
| 545 | + |
| 546 | + if (empty($providerIds)) { |
| 547 | + $userProvider = sprintf('security.user.provider.missing.%s', $factoryKey); |
| 548 | + $container->setDefinition( |
| 549 | + $userProvider, |
| 550 | + (new ChildDefinition('security.user.provider.missing'))->replaceArgument(0, $id) |
| 551 | + ); |
| 552 | + |
| 553 | + return $userProvider; |
| 554 | + } |
| 555 | + |
| 556 | + throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id)); |
| 557 | + } |
| 558 | + |
522 | 559 | private function createEncoders(array $encoders, ContainerBuilder $container)
|
523 | 560 | {
|
524 | 561 | $encoderMap = [];
|
|