When SecurityExtension::createAuthenticationListeners() finds all tagged "security.listener.factory" services, to generate listeners from keys like "form_login" and "http_basic", it's using a ContainerBuilder instance with an isolated scope, so it knows nothing about other bundles and extensions. This effectively makes it impossible for the security component to configure anything but its own listeners.
I started looking into this because I implemented a pre-authenticated listener that uses HTTP basic (similar to how X509 works but with different server vars). Now that I'm at the point where I need to hook up the listener, I conveniently discovered this roadblock :) Aside from my LdapBundle and a branch in my SimpleCASBundle project, Sensio's CasBundle is the only other project I know of that implements an authentication listener. Based on the https://github.com/sensio/CasBundlecode, I don't see how it can integrate with security component either, as Jean-François merely tagged his services in the same manner. I spoke with Bulat about this and he suggested a proper solution would be for the firewall assembly to be done during FrameworkBundle's boot() step, after a full container is available. That seems right to me, although I expect this would be a significant refactoring (perhaps for one of the upcoming hack days or weekends?). -- jeremy mikola -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
