From cdc2f9586cd69eb8845e9e8bb0964e37ae72202c Mon Sep 17 00:00:00 2001
From: Roland Franssen <franssen.roland@gmail.com>
Date: Sat, 22 Oct 2016 08:47:30 +0000
Subject: [PATCH 1/3] poc

---
 .../DependencyInjection/MainConfiguration.php        |  5 ++---
 .../DependencyInjection/SecurityExtension.php        | 12 +++++-------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index bf828ed22aa0e..5e05554f54115 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -163,7 +163,9 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                     ->prototype('array')
                         ->fixXmlConfig('ip')
                         ->fixXmlConfig('method')
+                        ->fixXmlConfig('role')
                         ->children()
+                            ->scalarNode('matcher')->defaultNUll()->end()
                             ->scalarNode('requires_channel')->defaultNull()->end()
                             ->scalarNode('path')
                                 ->defaultNull()
@@ -180,9 +182,6 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                                 ->prototype('scalar')->end()
                             ->end()
                             ->scalarNode('allow_if')->defaultNull()->end()
-                        ->end()
-                        ->fixXmlConfig('role')
-                        ->children()
                             ->arrayNode('roles')
                                 ->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
                                 ->prototype('scalar')->end()
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 4398a2a36d433..e191e71235feb 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -195,13 +195,11 @@ private function createAuthorization($config, ContainerBuilder $container)
         ));
 
         foreach ($config['access_control'] as $access) {
-            $matcher = $this->createRequestMatcher(
-                $container,
-                $access['path'],
-                $access['host'],
-                $access['methods'],
-                $access['ips']
-            );
+            if (null !== $access['matcher']) {
+                $matcher = new Reference($access['matcher']);
+            } else {
+                $matcher = $this->createRequestMatcher($container, $access['path'], $access['host'], $access['methods'], $access['ips']);
+            }
 
             $attributes = $access['roles'];
             if ($access['allow_if']) {

From e2a8546a55acfc8ea4b5b228f6c50387e898e8c3 Mon Sep 17 00:00:00 2001
From: Roland Franssen <franssen.roland@gmail.com>
Date: Sat, 22 Oct 2016 09:22:32 +0000
Subject: [PATCH 2/3] addded ChainRequestMatcher

---
 .../HttpFoundation/ChainRequestMatcher.php    | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php

diff --git a/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php b/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php
new file mode 100644
index 0000000000000..e64a9e4c4a34f
--- /dev/null
+++ b/src/Symfony/Component/HttpFoundation/ChainRequestMatcher.php
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation;
+
+/**
+ * @author Roland Franssen <franssen.roland@gmail.com>
+ */
+class ChainRequestMatcher implements RequestMatcherInterface
+{
+    private $matchers;
+
+    /**
+     * @param RequestMatcherInterface[] $matchers
+     */
+    public function __construct(array $matchers)
+    {
+        $this->matchers = $matchers;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function matches(Request $request)
+    {
+        foreach ($this->matchers as $matcher) {
+            if (!$matcher->matches($request)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}

From 675f309f6729f83a21ac08b24c5c9bc2cba74b05 Mon Sep 17 00:00:00 2001
From: Roland Franssen <franssen.roland@gmail.com>
Date: Thu, 10 Nov 2016 18:55:44 +0100
Subject: [PATCH 3/3] defaultNull

---
 .../SecurityBundle/DependencyInjection/MainConfiguration.php    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index 5e05554f54115..fa4f6d557009e 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -165,7 +165,7 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                         ->fixXmlConfig('method')
                         ->fixXmlConfig('role')
                         ->children()
-                            ->scalarNode('matcher')->defaultNUll()->end()
+                            ->scalarNode('matcher')->defaultNull()->end()
                             ->scalarNode('requires_channel')->defaultNull()->end()
                             ->scalarNode('path')
                                 ->defaultNull()