New in Symfony 3.3: SecurityBundle improvements

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

The SecurityBundle is responsible for integrating the Security Component into the Symfony framework. In Symfony 3.3 we added some minor improvements to it.

Renamed FirewallContext#getContext()

Contributed by
Robin Chalas
in #20417.

The name of this method was misleading because it just returns the listeners returned by FirewallMapInterface::getListeners(). That's why we've decided to deprecate this method and rename it to FirewallContext#getListeners().

Improved UserPasswordEncoderCommand

Contributed by
Maxime Steinhausser
in #20677.

The security:encode-password command is useful to encode user passwords while developing the application or for users stored in the security.yml file. In Symfony 3.3, this command is smarter and it displays the full list of the user classes available in your application, so you just need to pick one instead of typing the full user class name:

$ ./bin/console security:encode-password

  For which user class would you like to encode a password?
  [0] App\Entity\User
  [1] Custom\Class\Bcrypt\User
  [2] Custom\Class\Pbkdf2\User
  [3] Custom\Class\Test\User
  [4] Symfony\Component\Security\Core\User\User

Don't normalize usernames of in-memory users

Contributed by
Robin Chalas
in #21718.

It's common to use properties such as emails as the username of the application users. However, Symfony normalizes the values of the keys defined under security.providers.in_memory.users, so an email such as becomes and authentication fails unexpectedly.

In Symfony 3.3 we changed this behavior and those keys/usernames are no longer normalized or modified in any way.

Enhanced automatic generation of logout URL

Contributed by
Maxime Steinhausser
in #20516.

When using helpers like logout_path() without providing any argument, Symfony generates the logout URL for the current active firewall. In Symfony 3.3 we improved its behavior to better solve some edge cases. This is how it works:

  • Try to find the key from the token (unless it's an anonymous token);
  • If found, try to get the listener from the key. If the listener is found, stop;
  • Try from the injected firewall key. If the listener is found, stop;
  • Try from the injected firewall context. If the listener is found, stop.

The behavior remains unchanged when providing explicitly the firewall key.

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.


Thanks Robin and Maxime for these and all the other great contributions that you make to Symfony!
See also about the the getContext/getListeners part.

getContext()[0] -> getListeners()
getContext()[1] -> getExceptionListener()

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.