Symfony version(s) affected: 5.1.0
Description
If a stateless firewall is defined, and the new authenticator manager is enabled, the following error occurs:

```
Argument 2 of service "security.listener.session" is abstract: stateless firewall keys.
```
Some digging suggests that the need for the second argument was removed in a recent refactor of `Symfony\Component\Security\Http\EventListener\SessionStrategyListener`, and `\Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension` was updated to no longer add the firewall keys, but an unrelated refactor changed the service definition in `Resources/config/security_authenticator.xml` to the following:
```xml
<service id="security.listener.session"
         class="Symfony\Component\Security\Http\EventListener\SessionStrategyListener"
         abstract="true">
    <argument type="service" id="security.authentication.session_strategy" />
    <argument type="abstract">stateless firewall keys</argument>
</service>
```
This appears to be the root of the issue.
How to reproduce
Minimal example repo: https://github.com/johnvandeweghe/sf-session-listener-bug
- Add `enable_authenticator_manager: true` to `security.yaml`
- Add a stateless firewall:

  ```yaml
  main:
      pattern: ^/api
      stateless: true
      http_basic: ~
  ```
- Try to run the `bin/console` script.
Possible Solution
Changing the service definition to the following - removing the abstract definition and the second argument - fixes it for me (and matches up with the class code):
```xml
<service id="security.listener.session"
         class="Symfony\Component\Security\Http\EventListener\SessionStrategyListener">
    <argument type="service" id="security.authentication.session_strategy" />
</service>
```
Additional context
This doesn't appear to be a problem if there are no stateless firewalls defined, which is likely why it has gone unnoticed during development.
This is my first bug report for Symfony, let me know if any more detail is needed!
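
Added example, not part of the original report or of Symfony's code: a small Python check that lists `type="abstract"` placeholders left in a service XML file and formats each one like the error quoted above. The `<services>` wrapper, the function names, and the 1-based positional numbering (taken from the "Argument 2" in the error) are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two definitions quoted in the report, wrapped in a root element.
BROKEN = r'''<services>
  <service id="security.listener.session"
           class="Symfony\Component\Security\Http\EventListener\SessionStrategyListener"
           abstract="true">
    <argument type="service" id="security.authentication.session_strategy" />
    <argument type="abstract">stateless firewall keys</argument>
  </service>
</services>'''

FIXED = r'''<services>
  <service id="security.listener.session"
           class="Symfony\Component\Security\Http\EventListener\SessionStrategyListener">
    <argument type="service" id="security.authentication.session_strategy" />
  </service>
</services>'''


def local(tag):
    """Strip an XML namespace so namespaced and bare service files both work."""
    return tag.rsplit('}', 1)[-1]


def abstract_arguments(xml_text):
    """Return (service id, 1-based position, placeholder text) per abstract argument."""
    findings = []
    for service in ET.fromstring(xml_text).iter():
        if local(service.tag) != 'service':
            continue
        # Only direct <argument> children are constructor arguments of this service.
        args = [child for child in service if local(child.tag) == 'argument']
        for position, arg in enumerate(args, start=1):
            if arg.get('type') == 'abstract':
                findings.append((service.get('id'), position, (arg.text or '').strip()))
    return findings


def as_message(finding):
    """Format a finding in the shape of the error shown in the report."""
    service_id, position, text = finding
    return f'Argument {position} of service "{service_id}" is abstract: {text}.'


if __name__ == '__main__':
    for name, xml_text in (('broken', BROKEN), ('fixed', FIXED)):
        found = abstract_arguments(xml_text)
        print(name, [as_message(f) for f in found] or 'no abstract arguments')
```

A placeholder reported here is only a problem if no extension or compiler pass replaces it before the container is compiled, so treat the output as a list of definitions to cross-check against the code that configures them.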