-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Post Authentication Listeners #22275
Conversation
…rity, functional test. Refs symfony#22260
Waiting for master to be fixed before I push deprecation fix :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I mentioned in the issue, the anon.
related changes, I'm 👍. For the post_authentication
I still don't see a valid use-case so I'm 👎 for that.
My suggestion is to keep the anon.
part in this PR and make a new one based on this PR for the post_authentication
. This because the anon.
part can be kept regardless of what will be decided upon post_authentication
.
I am inclined to agree, but after more refactoring efforts elsewhere I ran into a possible issue with the Enabling anon as possible position means that you can use a custom Which begs the question: should the So maybe a sorting position with a different semantic value would make more sense. |
What's the status of this PR? |
Unless any of this has changed, this should be closed (#22260 too). |
Thank you @kleijnweb for the quick and honest feedback. I really appreciate it. I'm going to trust @iltar judgement on this one and close. |
This PR is a first step towards #22260 by enabling the use of
anon
andpost_authentication
as listener sorting positions, opening up extending the firewall beyond authentication. To that end, returning an authentication provider ID fromSecurityFactoryInterface::create()
has been made optional.A typical use case would be creating custom authorization listeners (alternatives to using
access_control
while still benefiting from e.g. the exception listener).