[Security/DependencyInjection] updated SecurityBundle's configuration…

…, some bug fixes in DIC config classes

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -205,7 +205,7 @@ private function addValidationSection(NodeBuilder $rootNode)
                     ->treatTrueLike(array())
                     ->fixXmlConfig('namespace')
                     ->arrayNode('namespaces')
-                        ->containsNameValuePairsWithKeyAttribute('prefix')
+                        ->useAttributeAsKey('prefix')
                         ->prototype('scalar')
                             ->beforeNormalization()
                                 ->ifTrue(function($v) { return is_array($v) && isset($v['namespace']); })

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Configuration.php

@@ -67,7 +67,7 @@ protected function addRoleHierarchySection($rootNode)
         $rootNode
             ->fixXmlConfig('role', 'role_hierarchy')
             ->arrayNode('role_hierarchy')
-                ->containsNameValuePairsWithKeyAttribute('id')
+                ->useAttributeAsKey('id')
                 ->prototype('array')
                     ->performNoDeepMerging()
                     ->beforeNormalization()->ifString()->then(function($v) { return array('value' => $v); })->end()
@@ -103,7 +103,7 @@ protected function addAccessControlSection($rootNode)
                     ->end()
                     ->fixXmlConfig('attribute')
                     ->arrayNode('attributes')
-                        ->containsNameValuePairsWithKeyAttribute('key')
+                        ->useAttributeAsKey('key')
                         ->prototype('scalar')
                             ->beforeNormalization()
                                 ->ifTrue(function($v) { return is_array($v) && isset($v['pattern']); })
@@ -122,6 +122,8 @@ protected function addFirewallsSection($rootNode, array $factories)
         $rootNode
             ->fixXmlConfig('firewall')
             ->arrayNode('firewalls')
+                ->isRequired()
+                ->requiresAtLeastOneElement()
                 ->disallowNewKeysInSubsequentConfigs()
                 ->useAttributeAsKey('name')
                 ->prototype('array')
@@ -183,6 +185,7 @@ protected function addProvidersSection($rootNode)
             ->fixXmlConfig('provider')
             ->arrayNode('providers')
                 ->disallowNewKeysInSubsequentConfigs()
+                ->isRequired()
                 ->requiresAtLeastOneElement()
                 ->useAttributeAsKey('name')
                 ->prototype('array')
@@ -220,10 +223,13 @@ protected function addEncodersSection($rootNode)
         $rootNode
             ->fixXmlConfig('encoder')
             ->arrayNode('encoders')
+                ->requiresAtLeastOneElement()
                 ->useAttributeAsKey('class')
                 ->prototype('array')
+                    ->canBeUnset()
+                    ->performNoDeepMerging()
                     ->beforeNormalization()->ifString()->then(function($v) { return array('algorithm' => $v); })->end()
-                    ->scalarNode('algorithm')->isRequired()->cannotBeEmpty()->end()
+                    ->scalarNode('algorithm')->cannotBeEmpty()->end()
                     ->booleanNode('ignore_case')->end()
                     ->booleanNode('encode_as_base64')->end()
                     ->scalarNode('iterations')->end()

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -470,7 +470,7 @@ protected function createUserDaoProvider($name, $provider, ContainerBuilder $con
         $definition = $container->register($name, '%security.user.provider.in_memory.class%');
         $definition->setPublic(false);
         foreach ($provider['users'] as $username => $user) {
-            $userId = $name.'_'.md5(json_encode(array($username, $user['password'], $user['roles'])));
+            $userId = $name.'_'.$username;
 
             $container
                 ->register($userId, 'Symfony\Component\Security\Core\User\User')
@@ -486,7 +486,7 @@ protected function createUserDaoProvider($name, $provider, ContainerBuilder $con
 
     protected function getUserProviderId($name)
     {
-        return 'security.authentication.provider.'.$name;
+        return 'security.user.provider.'.$name;
     }
 
     protected function createExceptionListener($container, $config, $id, $defaultEntryPoint)

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php

@@ -0,0 +1,52 @@
+<?php
+
+$container->loadFromExtension('security', 'config', array(
+    'providers' => array(
+        'default' => array(
+            'users' => array(
+                'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
+            ),
+        ),
+        'digest' => array(
+            'users' => array(
+                'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'),
+            ),
+        ),
+        'basic' => array(
+            'users' => array(
+                'foo' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'),
+                'bar' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => array('ROLE_USER', 'ROLE_ADMIN')),
+            ),
+        ),
+        'doctrine' => array(
+            'entity' => array('class' => 'SecurityBundle:User', 'property' => 'username')
+        ),
+        'service' => array(
+            'id' => 'user.manager',
+        ),
+    ),
+
+    'firewalls' => array(
+        'simple' => array('pattern' => '/login', 'security' => false),
+        'secure' => array('stateless' => true,
+            'http_basic' => true,
+            'http_digest' => true,
+            'form_login' => true,
+            'anonymous' => true,
+            'switch_user' => true,
+            'x509' => true,
+            'logout' => true,
+        ),
+    ),
+
+    'access_control' => array(
+        array('path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https'),
+        array('path' => '/blog/.*', 'attributes' => array('_controller' => '.*\\BlogBundle\\.*'), 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
+    ),
+
+    'role_hierarchy' => array(
+        'ROLE_ADMIN' => 'ROLE_USER',
+        'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
+        'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN',
+    ),
+));

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/merge.php

@@ -3,12 +3,17 @@
 $this->load('merge_import.php', $container);
 
 $container->loadFromExtension('security', 'config', array(
+    'providers' => array(
+        'default' => array('id' => 'foo'),
+    ),
+
     'firewalls' => array(
         'main' => array(
             'form_login' => false,
             'http_basic' => null,
         ),
     ),
+
     'role_hierarchy' => array(
         'FOO' => array('MOO'),
     )

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/provider.xml → src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml

@@ -1,17 +1,20 @@
-<?xml version="1.0" ?>
+<?xml version="1.0" encoding="UTF-8"?>
 
 <srv:container xmlns="http://www.symfony-project.org/schema/dic/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:srv="http://www.symfony-project.org/schema/dic/services"
     xsi:schemaLocation="http://www.symfony-project.org/schema/dic/services http://www.symfony-project.org/schema/dic/services/services-1.0.xsd">
 
     <config>
+        <provider name="default">
+            <user name="foo" password="foo" roles="ROLE_USER" />
+        </provider>
+
         <provider name="digest">
             <user name="foo" password="foo" roles="ROLE_USER, ROLE_ADMIN" />
         </provider>
 
         <provider name="basic">
-            <password-encoder hash="sha1" />
             <user name="foo" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_SUPER_ADMIN" />
             <user name="bar" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_USER, ROLE_ADMIN" />
         </provider>
@@ -21,5 +24,26 @@
         </provider>
 
         <provider name="service" id="user.manager" />
+
+        <firewall name="simple" pattern="/login" security="false" />
+
+        <firewall name="secure" stateless="true">
+            <http-basic />
+            <http-digest />
+            <form-login />
+            <anonymous />
+            <switch-user />
+            <x509 />
+            <logout />
+        </firewall>
+
+        <role id="ROLE_ADMIN">ROLE_USER</role>
+        <role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
+        <role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
+
+        <rule path="/blog/524" role="ROLE_USER" requires-channel="https" />
+        <rule role='IS_AUTHENTICATED_ANONYMOUSLY' path="/blog/.*">
+            <attribute key="_controller" pattern=".*\\BlogBundle\\.*" />
+        </rule>
     </config>
 </srv:container>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/merge.xml

@@ -10,6 +10,8 @@
     </imports>
 
     <sec:config>
+        <sec:provider name="default" id="foo" />
+
         <sec:firewall name="main" form-login="false">
             <sec:http-basic />
         </sec:firewall>

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml

@@ -0,0 +1,41 @@
+security.config:
+    providers:
+        default:
+            users:
+                foo: { password: foo, roles: ROLE_USER }
+        digest:
+            users:
+                foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' }
+        basic:
+            password_encoder: sha1
+            users:
+                foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN }
+                bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] }
+        doctrine:
+            entity: { class: SecurityBundle:User, property: username }
+        service:
+            id: user.manager
+
+    firewalls:
+        simple: { pattern: /login, security: false }
+        secure:
+            stateless: true
+            http_basic: true
+            http_digest: true
+            form_login: true
+            anonymous: true
+            switch_user: true
+            x509: true
+            logout: true
+
+    role_hierarchy:
+        ROLE_ADMIN:       ROLE_USER
+        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+        ROLE_REMOTE:      ROLE_USER,ROLE_ADMIN
+
+    access_control:
+        - { path: /blog/524, role: ROLE_USER, requires_channel: https }
+        -
+            path: /blog/.*
+            attributes: { _controller: .*\\BlogBundle\\.* }
+            role: IS_AUTHENTICATED_ANONYMOUSLY