diff --git a/UPGRADE-7.2.md b/UPGRADE-7.2.md
index d944809e378c2..c802b768cf817 100644
--- a/UPGRADE-7.2.md
+++ b/UPGRADE-7.2.md
@@ -82,6 +82,37 @@ Security
* Deprecate passing an empty string as `$userIdentifier` argument to `UserBadge` constructor
* Deprecate returning an empty string in `UserInterface::getUserIdentifier()`
+SecurityBundle
+--------------
+
+ * Deprecate XML-configured custom authenticators and providers under security namespace; they must now have their own:
+
+ ```diff
+
+ + https://symfony.com/schema/dic/security/security-1.0.xsd
+ + http://example.com/schema http://example.com/schema.xsd">
+ +
+
+
+
+ -
+ -
+ -
+ +
+ +
+ +
+
+
+
+ ```
+
Serializer
----------
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 43c17dc20ef5d..c98d1ebd61dcc 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -6,6 +6,33 @@ CHANGELOG
* Allow configuring the secret used to sign login links
* Allow passing optional passport attributes to `Security::login()`
+ * Deprecate XML-configured custom authenticators and providers under security namespace; they must now have their own:
+
+ ```diff
+
+ + https://symfony.com/schema/dic/security/security-1.0.xsd
+ + http://example.com/schema http://example.com/schema.xsd">
+ +
+
+
+
+ -
+ -
+ -
+ +
+ +
+ +
+
+
+
+ ```
7.1
---
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php
index e57cda13ff78d..081c6f45b984d 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomAuthenticatorTest.php
@@ -12,6 +12,7 @@
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\Authenticator\CustomAuthenticator;
use Symfony\Component\Config\FileLocator;
@@ -20,10 +21,12 @@
class XmlCustomAuthenticatorTest extends TestCase
{
+ use ExpectDeprecationTrait;
+
/**
- * @dataProvider provideXmlConfigurationFile
+ * @group legacy
*/
- public function testCustomProviderElement(string $configurationFile)
+ public function testCustomAuthenticatorElementUnderSecurityNamespace()
{
$container = new ContainerBuilder();
$container->setParameter('kernel.debug', false);
@@ -33,18 +36,30 @@ public function testCustomProviderElement(string $configurationFile)
$security->addAuthenticatorFactory(new CustomAuthenticator());
$container->registerExtension($security);
- (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load($configurationFile);
+ $this->expectDeprecation('Since symfony/security-bundle 7.2: Custom authenticators must now be namespaced; please update your security configuration "custom" tag.');
+ (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load('custom_authenticator_under_security_namespace.xml');
$container->getCompilerPassConfig()->setRemovingPasses([]);
$container->getCompilerPassConfig()->setAfterRemovingPasses([]);
$container->compile();
-
- $this->addToAssertionCount(1);
}
- public static function provideXmlConfigurationFile(): iterable
+ public function testCustomAuthenticatorElementUnderOwnNamespace()
{
- yield 'Custom authenticator element under SecurityBundle’s namespace' => ['custom_authenticator_under_security_namespace.xml'];
- yield 'Custom authenticator element under its own namespace' => ['custom_authenticator_under_own_namespace.xml'];
+ $container = new ContainerBuilder();
+ $container->setParameter('kernel.debug', false);
+ $container->register('cache.system', \stdClass::class);
+
+ $security = new SecurityExtension();
+ $security->addAuthenticatorFactory(new CustomAuthenticator());
+ $container->registerExtension($security);
+
+ (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load('custom_authenticator_under_own_namespace.xml');
+
+ $container->getCompilerPassConfig()->setRemovingPasses([]);
+ $container->getCompilerPassConfig()->setAfterRemovingPasses([]);
+ $container->compile();
+
+ $this->addToAssertionCount(1);
}
}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomProviderTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomProviderTest.php
index a3f59fc299a24..abf5cb52ff9c5 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomProviderTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/XmlCustomProviderTest.php
@@ -12,6 +12,7 @@
namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
use Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Fixtures\UserProvider\CustomProvider;
use Symfony\Component\Config\FileLocator;
@@ -20,10 +21,12 @@
class XmlCustomProviderTest extends TestCase
{
+ use ExpectDeprecationTrait;
+
/**
- * @dataProvider provideXmlConfigurationFile
+ * @group legacy
*/
- public function testCustomProviderElement(string $configurationFile)
+ public function testCustomProviderElementUnderSecurityNamespace()
{
$container = new ContainerBuilder();
$container->setParameter('kernel.debug', false);
@@ -33,18 +36,30 @@ public function testCustomProviderElement(string $configurationFile)
$security->addUserProviderFactory(new CustomProvider());
$container->registerExtension($security);
- (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load($configurationFile);
+ $this->expectDeprecation('Since symfony/security-bundle 7.2: Custom providers must now be namespaced; please update your security configuration "custom" tag.');
+ (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load('custom_provider_under_security_namespace.xml');
$container->getCompilerPassConfig()->setRemovingPasses([]);
$container->getCompilerPassConfig()->setAfterRemovingPasses([]);
$container->compile();
-
- $this->addToAssertionCount(1);
}
- public static function provideXmlConfigurationFile(): iterable
+ public function testCustomProviderElementUnderOwnNamespace()
{
- yield 'Custom provider element under SecurityBundle’s namespace' => ['custom_provider_under_security_namespace.xml'];
- yield 'Custom provider element under its own namespace' => ['custom_provider_under_own_namespace.xml'];
+ $container = new ContainerBuilder();
+ $container->setParameter('kernel.debug', false);
+ $container->register('cache.system', \stdClass::class);
+
+ $security = new SecurityExtension();
+ $security->addUserProviderFactory(new CustomProvider());
+ $container->registerExtension($security);
+
+ (new XmlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/xml')))->load('custom_provider_under_own_namespace.xml');
+
+ $container->getCompilerPassConfig()->setRemovingPasses([]);
+ $container->getCompilerPassConfig()->setAfterRemovingPasses([]);
+ $container->compile();
+
+ $this->addToAssertionCount(1);
}
}
diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json
index 8660196a11cf2..2668cf2868f28 100644
--- a/src/Symfony/Bundle/SecurityBundle/composer.json
+++ b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -21,7 +21,7 @@
"ext-xml": "*",
"symfony/clock": "^6.4|^7.0",
"symfony/config": "^6.4|^7.0",
- "symfony/dependency-injection": "^6.4.11|^7.1.4",
+ "symfony/dependency-injection": "^7.2",
"symfony/event-dispatcher": "^6.4|^7.0",
"symfony/http-kernel": "^6.4|^7.0",
"symfony/http-foundation": "^6.4|^7.0",
diff --git a/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php b/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
index f596980663f15..8c6532296823f 100644
--- a/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
+++ b/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
@@ -458,6 +458,8 @@ private function parseFileToDOM(string $file): \DOMDocument
try {
$dom = XmlUtils::loadFile($file, $this->validateSchema(...));
} catch (\InvalidArgumentException $e) {
+ // When starting the 8.0 branch, this whole catch block should be replaced by the line below:
+ // throw new InvalidArgumentException(\sprintf('Unable to parse file "%s": ', $file).$e->getMessage(), $e->getCode(), $e);
$invalidSecurityElements = [];
$errors = explode("\n", $e->getMessage());
foreach ($errors as $i => $error) {
@@ -477,6 +479,8 @@ private function parseFileToDOM(string $file): \DOMDocument
continue;
}
if ('provider' === $parent->localName || 'firewall' === $parent->localName) {
+ trigger_deprecation('symfony/security-bundle', '7.2', 'Custom %s must now be namespaced; please update your security configuration "%s" tag.', 'provider' === $parent->localName ? 'providers' : 'authenticators', $tagName);
+
unset($errors[$errorIndex]);
}
}