Custom Matcher #21944

Closed
ben29 opened this issue Mar 9, 2017 · 28 comments
@ben29
Contributor

ben29 commented Mar 9, 2017

| Q | A |
| --- | --- |
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | yes |
| RFC? | no |
| Symfony version | 3.2.x |

Trying to do:
http://symfony.com/doc/current/profiler/matchers.html

config.yml:
    profiler:
        matcher:
          service: app.super_admin_matcher

When trying to log out on my website,
I'm getting

ERR_CONNECTION_RESET

I also tried on the latest Symfony 3.2.5;
it still does not work.

@xabbuh
Member

xabbuh commented Mar 9, 2017

Are you sure that this is related to the profiler configuration? I mean does the problem go away when you revert your changes to the profiler config? And if it is related, can you please show your implementation of the app.super_admin_matcher service?

@ben29
Contributor Author

ben29 commented Mar 9, 2017

sure:
services.yml

  app.super_admin_matcher:
      class: AppBundle\Profiler\SuperAdminMatcher
      arguments: ['@security.authorization_checker']
      public: false

SuperAdminMatcher.php:

<?php
namespace AppBundle\Profiler;

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestMatcherInterface;

class SuperAdminMatcher implements RequestMatcherInterface{
    protected $authorizationChecker;
    public function __construct(AuthorizationCheckerInterface $authorizationChecker){
        $this->authorizationChecker = $authorizationChecker;
    }
    public function matches(Request $request){
        return $this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN');
    }
}

@Nek-
Contributor

Nek- commented Mar 9, 2017

Hello,

I tested with Symfony 3.2.5 and FOSUser with a simple matcher:

<?php
namespace AppBundle;

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestMatcherInterface;

class TestMatcher implements RequestMatcherInterface
{
    protected $authorizationChecker;

    public function __construct(AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->authorizationChecker = $authorizationChecker;
    }

    public function matches(Request $request)
    {
        return $this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN');
    }
}

I'm successfully logged in with ROLE_SUPER_ADMIN and I have my profile data in the cache directory. This issue doesn't look related to Symfony but to your code.

@ben29
Contributor Author

ben29 commented Mar 9, 2017

Everything worked before I did this.
Only when I add the service does it stop working.

@Nek-
Contributor

Nek- commented Mar 9, 2017

Here is the project I tested with. Can you run it to see if it's related to your system configuration?

# Commands to run after personalization of your parameters.yml
php bin/console doctrine:database:create
php bin/console doctrine:schema:update --force
php bin/console fos:user:create
php bin/console fos:user:promote You
php bin/console ca:cl --env=prod
php bin/console ser:run --env=prod
# Then go to /login to login

Thanks.
📁 Attached file: TestProfilerMatcher.zip

@ben29
Contributor Author

ben29 commented Mar 9, 2017

I don't use FOS ...
How can I debug what is wrong?
Only this service doesn't work.

@Nek-
Contributor

Nek- commented Mar 9, 2017

Using FOS or not is not the point but this demonstrates that it works perfectly with user role data. Sorry, this is not a support forum. Feel free to give information about your problem on Stack Overflow so people can help you to solve it!

(this is not the right place, and we don't have any information that may help us find what your problem is)

@ben29
Contributor Author

ben29 commented Mar 9, 2017

But it's a problem in Symfony, an issue with Symfony.
I reported a problem to Symfony.

@Pierstoval
Contributor

Pierstoval commented Mar 9, 2017

@ben29 your problem sounds more related to how you implemented the matcher and not to Symfony itself.

If you want support for Symfony, go to Stack Overflow or the IRC channel.

Symfony issues are used for bugs in Symfony core, not for support.

=> http://symfony.com/support
=> http://symfony.com/doc/current/contributing/code/bugs.html

@ben29
Contributor Author

ben29 commented Mar 9, 2017

  1. Again, it's the Symfony doc for that; I did a 100% copy-paste of the doc.
  2. How can I trace the error if it's going to connection reset?
  3. Only this service is not working anymore. When I used Symfony 3.1 it worked perfectly!

@xabbuh
Member

xabbuh commented Mar 9, 2017

Well, without being able to reproduce your issue it will be hard to help you. Do you see anything else in the logs (either in the application logs, the web server's log or in the logs of PHP FPM)? Can you try to reproduce your issue on the Symfony Standard Edition and push such an example to GitHub?

@ben29
Contributor Author

ben29 commented Mar 9, 2017

I did error_reporting and I checked the Apache error log a few times:
nothing.

@ben29
Contributor Author

ben29 commented Mar 9, 2017

I tried this on my computer:

[Thu Mar 09 22:23:44.682505 2017] [:error] [pid 58549] [client 127.0.0.1:60273] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 77 bytes) in /Library/WebServer/Documents/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php on line 57

I set the PHP memory limit to 512MB!

The weird thing:
when I do

    public function matches(Request $request)
    {
        die("dead");
        return $this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN');
    }

it shows dead...

Tried another thing:

    public function matches(Request $request)
    {
        if ($this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN')){
            die("true...");
        }
        else{
            die("false.....");
        }
    }

It's stuck.

Doing:

    public function matches(Request $request)
    {
        return true;
    }

Works!
It means the problem is here:
$this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN')

Also tried ROLE_ADMIN.

@ben29
Contributor Author

ben29 commented Mar 9, 2017

my security.yml

    role_hierarchy:
        ROLE_USER: [ROLE_USER]
        ROLE_ADMIN: [ROLE_USER,ROLE_EVENT_CREATE]
        ROLE_SUPER_ADMIN: [ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

@ben29
Contributor Author

ben29 commented Mar 9, 2017

Login:
Allowed memory size of 536870912 bytes exhausted (tried to allocate 72 bytes) in /Library/WebServer/Documents/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php on line 57, referer: https://127.0.0.1/app_dev.php/

So the only problem is in
AuthorizationChecker.php

thanks!

@ben29
Contributor Author

ben29 commented Mar 9, 2017

@xabbuh - see all the comments, I did a big debug

@xabbuh
Member

xabbuh commented Mar 9, 2017

Can you show your complete security config?

@ben29
Contributor Author

ben29 commented Mar 9, 2017

yes:

security:
    encoders:
        AppBundle\Entity\User:
            algorithm: bcrypt
            cost: 15
    providers:
        users_provider:
            entity:
                class: AppBundle:User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            provider: users_provider
            anonymous: ~
            form_login:
                login_path: app_login
                check_path: app_login
                csrf_token_generator: security.csrf.token_manager
                use_forward: true
                always_use_default_target_path: false
                use_referer: false
                username_parameter: _username
                password_parameter: _password
                post_only: true
                remember_me: true
                require_previous_session: true
            logout:
                path: app_logout
                invalidate_session: false
            remember_me:
                secret: "%secret%"
                lifetime: 3600
                path: /foo
                secure: true
                httponly: true
                always_remember_me: false
                remember_me_parameter: _remember_me
    role_hierarchy:
        ROLE_USER: [ROLE_USER]
        ROLE_ADMIN: [ROLE_USER,ROLE_EVENT_CREATE]
        ROLE_SUPER_ADMIN: [ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
    access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/logout, roles: ROLE_USER }
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/, requires_channel: https }

@ben29
Contributor Author

ben29 commented Mar 9, 2017

I got the problem!!!
When I removed
use_forward: true
everything works!!

Why does it give:

[Fri Mar 10 00:16:46.630402 2017] [:error] [pid 58654] [client 127.0.0.1:60781] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 32 bytes) in /Library/WebServer/Documents/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php on line 57, referer: https://127.0.0.1/app_dev.php/login

Just because of this option?
Something weird!
@xabbuh

@ben29
Contributor Author

ben29 commented Mar 9, 2017

So the bug happens when I enable use_forward.
Can it be fixed?

@javiereguiluz
Member

@ben29 thanks for all the debugging that you did and thanks to all the reviewers for your help.

So, in summary, if you use the use_forward: true option, the application goes out of memory and when you don't use it, everything works perfectly. So this definitely looks like a Symfony bug.

@xabbuh
Member

xabbuh commented Mar 12, 2017

Is someone able to fork the Symfony Standard Edition, and make these changes so that we can reproduce the issue and investigate how to fix it?

@ben29
Contributor Author

ben29 commented Mar 12, 2017

@javiereguiluz yeah, it goes out of memory just when I set this setting.
@xabbuh I did it in 5 projects on symfony-demo, symfony standard-edition.
Both have the same problem.
As I said to you, it's a bug and I proved it =]

@ben29
Contributor Author

ben29 commented Mar 14, 2017

any update about that?

@xabbuh
Member

xabbuh commented Mar 14, 2017

I didn't have the time to create a custom project that reproduces the issue to find out what exactly causes the issue. That's why I asked for a fork of the Symfony Standard Edition that makes this easier to reproduce and focus on investigating how to fix it (and the same applies to any other contributor who is willing to work on a patch).

@nikophil
Contributor

nikophil commented Mar 29, 2017

Hello,

Actually, I think the problem comes from the fact that the SuperAdminMatcher::matches method is called on the main request AND also on the _wdt and/or _profiler requests.
Then, because these URL patterns are excluded from the main firewall, they don't have any authentication token, and we're dealing with an error when $this->authorizationChecker->isGranted() is called in SuperAdminMatcher.

The solution would be not calling the matches method when we're on these urls in \Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse :

if (null !== $this->matcher && !preg_match('/(_(profiler|wdt|error))/', $route) && !$this->matcher->matches($request)) {
    return;
}

On the other hand, I didn't manage to reproduce the out of memory error, but it could be related.

Here is a repo to reproduce the problem I am talking about:
https://github.com/nikophil/symfony-standard/tree/issue-21944 (branch issue-21944)
By default the profiler is disabled because of the profiler request_matcher.
There are two in-memory users: user and admin.

help this works
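
One way to guard the matcher against the token-less requests described in the comment above, as an added example that is not part of the thread or of Symfony's own code. The class name GuardedSuperAdminMatcher and the service wiring in the header comment are assumptions; the example only covers the missing-token case and makes no claim about the memory exhaustion seen with use_forward: true.

```php
<?php
// Added example, not code from the issue or from Symfony.
// GuardedSuperAdminMatcher is a hypothetical class name.
//
// Assumed services.yml wiring:
//   app.super_admin_matcher:
//       class: AppBundle\Profiler\GuardedSuperAdminMatcher
//       arguments: ['@security.token_storage', '@security.authorization_checker']
//       public: false
namespace AppBundle\Profiler;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestMatcherInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;

class GuardedSuperAdminMatcher implements RequestMatcherInterface
{
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(
        TokenStorageInterface $tokenStorage,
        AuthorizationCheckerInterface $authorizationChecker
    ) {
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function matches(Request $request)
    {
        // URLs excluded from the firewall (security: false, e.g. _wdt and
        // _profiler) never receive an authentication token. Fail closed:
        // without a token, no profile is collected for the request.
        if (null === $this->tokenStorage->getToken()) {
            return false;
        }

        try {
            return $this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN');
        } catch (AuthenticationCredentialsNotFoundException $e) {
            // isGranted() throws this when the token storage is empty;
            // treat it the same as "not a super admin".
            return false;
        }
    }
}
```

Returning false in both branches keeps profiler collection limited to requests that carry an authenticated ROLE_SUPER_ADMIN token.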

@ben29
Contributor Author

ben29 commented Apr 9, 2017

any update?

@javiereguiluz
Member

Actually, we now are thinking about removing the entire "matcher" feature from the profiler. See #24077. If we finally do that, we'll need to close this as "won't fix". So let's wait a bit. Thanks!
