symfony · fabpot · Apr 18, 2021 · Apr 16, 2021
diff --git a/UPGRADE-5.3.md b/UPGRADE-5.3.md
@@ -214,6 +214,7 @@ SecurityBundle
    use `security.password_hasher_factory` and `Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
  * Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
    use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
+ * Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
 
 Serializer
 ----------

diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -300,6 +300,7 @@ SecurityBundle
    use `security.password_hasher_factory` and `Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
  * Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
    use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
+ * The `security.authorization_checker` and `security.token_storage` services are now private
 
 Serializer
 ----------

diff --git a/...ndle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/SecurityController.php b/...ndle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/SecurityController.php
@@ -11,16 +11,32 @@
 
 namespace Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller;
 
-use Symfony\Component\DependencyInjection\ContainerAwareInterface;
-use Symfony\Component\DependencyInjection\ContainerAwareTrait;
+use Psr\Container\ContainerInterface;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Contracts\Service\ServiceSubscriberInterface;
 
-class SecurityController implements ContainerAwareInterface
+class SecurityController implements ServiceSubscriberInterface
 {
-    use ContainerAwareTrait;
+    private $container;
+
+    public function __construct(ContainerInterface $container)
+    {
+        $this->container = $container;
+    }
 
     public function profileAction()
     {
         return new Response('Welcome '.$this->container->get('security.token_storage')->getToken()->getUserIdentifier().'!');
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedServices(): array
+    {
+        return [
+            'security.token_storage' => TokenStorageInterface::class,
+        ];
+    }
 }
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml
@@ -1,6 +1,12 @@
 imports:
     - { resource: ./../config/default.yml }
 
+services:
+    Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SecurityController:
+        public: true
+        tags:
+            - container.service_subscriber
+
 security:
     providers:
         main:

diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -16,6 +16,7 @@ CHANGELOG
    use `security.password_hasher_factory` and `Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface` instead
  * Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
    use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
+ * Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
 
 5.2.0
 -----

diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -68,6 +68,7 @@
                 service('security.access.decision_manager'),
                 param('security.access.always_authenticate_before_granting'),
             ])
+            ->tag('container.private', ['package' => 'symfony/security-bundle', 'version' => '5.3'])
         ->alias(AuthorizationCheckerInterface::class, 'security.authorization_checker')
 
         ->set('security.token_storage', UsageTrackingTokenStorage::class)
@@ -80,6 +81,7 @@
             ])
             ->tag('kernel.reset', ['method' => 'disableUsageTracking'])
             ->tag('kernel.reset', ['method' => 'setToken'])
+            ->tag('container.private', ['package' => 'symfony/security-bundle', 'version' => '5.3'])
         ->alias(TokenStorageInterface::class, 'security.token_storage')
 
         ->set('security.untracked_token_storage', TokenStorage::class)

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
@@ -28,7 +28,7 @@ public function testServiceIsFunctional()
         // put a token into the storage so the final calls can function
         $user = new InMemoryUser('foo', 'pass');
         $token = new UsernamePasswordToken($user, '', 'provider', ['ROLE_USER']);
-        $container->get('security.token_storage')->setToken($token);
+        $container->get('security.token_storage.alias')->setToken($token);
 
         $security = $container->get('functional_test.security.helper');
         $this->assertTrue($security->isGranted('ROLE_USER'));

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml
@@ -7,6 +7,10 @@ services:
         alias: security.helper
         public: true
 
+    functional.test.security.token_storage:
+        alias: security.token_storage
+        public: true
+
 security:
     providers:
         in_memory: