Skip to content


Subversion checkout URL

You can clone with
Download ZIP


use SecurityContextInterface instead of SecurityContext #44

merged 1 commit into from

2 participants


cross-posted issue, see symfony/symfony#3522

@schmittjoh schmittjoh merged commit c26bd5d into schmittjoh:master
@craigmarvelley craigmarvelley referenced this pull request from a commit in craigmarvelley/symfony
@fabpot fabpot merged branch pminnieur/patch-1 (PR #3522)

bfb5547 fixed docblock
bf75212 use SecurityContextInterface instead of SecurityContext
498b4b6 use SecurityContextInterface instead of SecurityContext


use SecurityContextInterface instead of SecurityContext

Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: /
Todo: /

Abstract: it's not possible to exchange the `security.context` with another implementation without this change. You may not be able to extend the `SecurityContext` because `isGranted` is final, so you may implement your own context.


by pminnieur at 2012-03-06T17:37:27Z

PS: could you merge this back to 2.0 branch, too?


by stof at 2012-03-06T17:42:03Z

@pminnieur send a pull request to the 2.0 branch then


by lsmith77 at 2012-03-06T18:42:41Z

i guess this doesn't break BC as SecurityContext always implemented the SecurityContextInterface .. no?


by pminnieur at 2012-03-06T19:11:00Z

this would not break BC, correct. I may identify additonal places where its not typed against the Interface but the implementation, which is really annoying. I will update the PR tomorrow morning and also do a PR for the 2.0 branch.


by stof at 2012-03-06T22:04:09Z

As it is in the constructor, it is not a BC break indeed as overwritten constructors can have a different signature anyway. For other places, take care that it could be a BC issue for people extending the class


by pminnieur at 2012-03-06T22:11:28Z

as the `isGranted ` method in the `SecurityContext ` implementation provided by Symfony is declared `final`, it's not really extendable at all - which ultimately leads to the problem: its indirectly hard coupled ;-)


by stof at 2012-03-06T22:38:08Z

@pminnieur the BC break is not for people extending the SecurityContext but for people extending classes that typehint it


by pminnieur at 2012-03-07T10:45:55Z

JFYI: the `RememberMeListener ` also does not type hint the interface but the implementation itself (it's always a constructor argument). All the other `Security\Http\Firewall` listeners type hint against the interface. I will update the PR accordingly today and also create a second PR against the 2.0 branch.


by pminnieur at 2012-03-07T11:55:52Z

JFYI: same issue w/ JMSSecurityExtraBundle schmittjoh/JMSSecurityExtraBundle#44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
4 Security/Authorization/Interception/MethodSecurityInterceptor.php
@@ -31,7 +31,7 @@
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
-use Symfony\Component\Security\Core\SecurityContext;
+use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
@@ -52,7 +52,7 @@ class MethodSecurityInterceptor implements MethodInterceptorInterface
private $runAsManager;
private $logger;
- public function __construct(SecurityContext $securityContext, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager,
+ public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager,
AfterInvocationManagerInterface $afterInvocationManager, RunAsManagerInterface $runAsManager, MetadataFactoryInterface $metadataFactory, LoggerInterface $logger = null)
$this->alwaysAuthenticate = false;
Something went wrong with that request. Please try again.