SimpleAutheticationProvider anonymous user handle #26871
Comments
|
So in your case this returns an empty string?
There's a different authenticator for anonymous users: |
|
Hi, even if I add |
|
What about an early return if |
|
This one |
|
Are you creating the See also |
|
You are right. I agree with you :D |
Be aware that this is not necessarily correct. At least for the |
|
Parameters are not an extension point you should rely on. Previously all parameter based class names for services were removed. I'm not sure why this one still exists, because it's extremely fragile to make a token like this. I didn't find any documentation on this either. |
|
I totally agree, just saying you can configure the ToBeConsideredAnonymousToken in the trust resolver, so just assuming |
|
Same issue here, breaking on version 2.8.38. Similar scenario with 'anon.' user token from a custom authenticator. I'm trying to understand the AnonymousToken + UsernameNotFoundException thing, but can't really get it working just with changes on my Authenticator and Provider... am I missing something? |
|
See #27044 |
…ace (chalasr) This PR was merged into the 2.7 branch. Discussion ---------- [Security] Skip user checks if not implementing UserInterface | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #26871 | License | MIT | Doc PR | n/a Commits ------- 384acf9 [Security] Skip user checks if not implementing UserInterface
Two commits that are added in class SimpleAuthenticationProvider break our application.
Commit #1: c318306
Commit #2: cb9c92d
Problem is when I have a token class that have anonymous user. So in getUser() i get an empty string. ('')
Also in last version it wasn't necessary to pass $user object, now it is.
It is needed to find way how to handle public token when we have anonymous user.
Corresponding PR #26370
Thanks for your time :D
The text was updated successfully, but these errors were encountered: