diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php index 55916c05..afa04d7c 100644 --- a/DependencyInjection/SecurityExtension.php +++ b/DependencyInjection/SecurityExtension.php @@ -111,6 +111,10 @@ public function load(array $configs, ContainerBuilder $container) $loader->load('security_rememberme.xml'); if ($this->authenticatorManagerEnabled = $config['enable_authenticator_manager']) { + if ($config['always_authenticate_before_granting']) { + throw new InvalidConfigurationException('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.'); + } + $loader->load('security_authenticator.xml'); // The authenticator system no longer has anonymous tokens. This makes sure AccessListener diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php index da09e432..c9328c84 100644 --- a/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/Tests/DependencyInjection/SecurityExtensionTest.php @@ -505,6 +505,21 @@ public function provideEntryPointRequiredData() ]; } + public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticationManager() + { + $this->expectException(InvalidConfigurationException::class); + $this->expectExceptionMessage('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.'); + + $container = $this->getRawContainer(); + $container->loadFromExtension('security', [ + 'enable_authenticator_manager' => true, + 'always_authenticate_before_granting' => true, + 'firewalls' => ['main' => []], + ]); + + $container->compile(); + } + protected function getRawContainer() { $container = new ContainerBuilder();