fixed explanations about anonymous users and their authenticated status

fabpot · fabpot · commit 434a1deba8dc · 2010-11-09T08:46:03.000+01:00
diff --git a/guides/security/authentication.rst b/guides/security/authentication.rst
@@ -513,9 +513,10 @@ Anonymous Users
 ~~~~~~~~~~~~~~~
 
 When you disable security, no user is attached to the request anymore. If you
-still want one, you can activate anonymous users. An anonymous user is not
-authenticated and "real" authentication occurs whenever the user wants to
-access a resource restricted by an access control rule:
+still want one, you can activate anonymous users. An anonymous user is
+authenticated but only has the ``IS_AUTHENTICATED_ANONYMOUSLY`` role. The
+"real" authentication only occurs whenever the user accesses a resource
+restricted by a more restrictive access control rule:
 
 .. configuration-block::
 
@@ -545,15 +546,10 @@ access a resource restricted by an access control rule:
             ),
         ));
 
-You can check if a user is fully-authenticated with the ``isAuthenticated()``
-of the security context:
-
-    $container->get('security.context')->isAuthenticated();
-
-.. tip::
-
-    All anonymous users automatically have the 'IS_AUTHENTICATED_ANONYMOUSLY'
-    role.
+As anonymous users are authenticated, the ``isAuthenticated()`` method returns
+``true``. To check is the user is anonymous, check for the
+``IS_AUTHENTICATED_ANONYMOUSLY`` role instead (note that all non-anonymous
+users have the ``IS_AUTHENTICATED_FULLY`` role.)
 
 .. index::
    single: Security; Stateless Authentication
diff --git a/guides/security/authorization.rst b/guides/security/authorization.rst
@@ -56,14 +56,15 @@ user has not the needed roles or an
 :class:`Symfony\\Component\Security\\Exception\\AuthenticationCredentialsNotFoundException`
 if he is not authenticated yet.
 
-.. tip::
-
-    ``IS_AUTHENTICATED_ANONYMOUSLY`` is a special role that all anonymous
-    users have.
-
 In the example above, we match requests based on their path info, but there
 are many other ways as you will learn in the next section.
 
+..tip::
+
+    Symfony2 automatically adds a special role based on the anonymous flag:
+    ``IS_AUTHENTICATED_ANONYMOUSLY`` for anonymous users and
+    ``IS_AUTHENTICATED_FULLY`` for all others.
+
 Matching a Request
 ------------------
 
diff --git a/guides/security/users.rst b/guides/security/users.rst
@@ -396,7 +396,16 @@ After authentication, the user is accessed via the security context::
     $user = $container->get('security.context')->getUser();
 
 You can also check if the user is authenticated with the ``isAuthenticated()``
-method.
+method::
+
+    $container->get('security.context')->isAuthenticated();
+
+.. tip::
+
+    Be aware that anonymous users are considered authenticated. If you want to
+    check if a user is "fully authenticated" (non-anonymous), you need to
+    check if the user has the special ``IS_AUTHENTICATED_FULLY`` role (or
+    check that the user has not the ``IS_AUTHENTICATED_ANONYMOUSLY`` role).
 
 .. index::
    single: Security; Roles
