symfony · fabpot · Dec 8, 2016 · Nov 28, 2016
diff --git a/UPGRADE-3.3.md b/UPGRADE-3.3.md
@@ -6,3 +6,9 @@ ClassLoader
 
  * The ApcClassLoader, WinCacheClassLoader and XcacheClassLoader classes have been deprecated
    in favor of the `--apcu-autoloader` option introduced in composer 1.3
+
+Security
+--------
+
+ * The `RoleInterface` has been deprecated. Extend the `Symfony\Component\Security\Core\Role\Role`
+   class in your custom role implementations instead.
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
@@ -170,6 +170,12 @@ HttpKernel
 
  * The `DataCollector::varToString()` method has been removed in favor of `cloneVar()`.
 
+Security
+--------
+
+ * The `RoleInterface` has been removed. Extend the `Symfony\Component\Security\Core\Role\Role`
+   class instead.
+
 Serializer
 ----------
 

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -33,7 +33,7 @@ abstract class AbstractToken implements TokenInterface
     /**
      * Constructor.
      *
-     * @param RoleInterface[]|string[] $roles An array of roles
+     * @param (Role|string)[] $roles An array of roles
      *
      * @throws \InvalidArgumentException
      */

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
@@ -11,7 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
-use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\Role\Role;
 
 /**
  * AnonymousToken represents an anonymous token.
@@ -25,9 +25,9 @@ class AnonymousToken extends AbstractToken
     /**
      * Constructor.
      *
-     * @param string          $secret A secret used to make sure the token is created by the app and not by a malicious client
-     * @param string|object   $user   The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string
-     * @param RoleInterface[] $roles  An array of roles
+     * @param string        $secret A secret used to make sure the token is created by the app and not by a malicious client
+     * @param string|object $user   The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string
+     * @param Role[]        $roles  An array of roles
      */
     public function __construct($secret, $user, array $roles = array())
     {

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
@@ -11,7 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
-use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\Role\Role;
 
 /**
  * PreAuthenticatedToken implements a pre-authenticated token.
@@ -26,10 +26,10 @@ class PreAuthenticatedToken extends AbstractToken
     /**
      * Constructor.
      *
-     * @param string|object            $user        The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string
-     * @param mixed                    $credentials The user credentials
-     * @param string                   $providerKey The provider key
-     * @param RoleInterface[]|string[] $roles       An array of roles
+     * @param string|object   $user        The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string
+     * @param mixed           $credentials The user credentials
+     * @param string          $providerKey The provider key
+     * @param (Role|string)[] $roles       An array of roles
      */
     public function __construct($user, $credentials, $providerKey, array $roles = array())
     {

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
@@ -11,7 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
-use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\Role\Role;
 
 /**
  * UsernamePasswordToken implements a username and password token.
@@ -26,10 +26,10 @@ class UsernamePasswordToken extends AbstractToken
     /**
      * Constructor.
      *
-     * @param string|object            $user        The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
-     * @param string                   $credentials This usually is the password of the user
-     * @param string                   $providerKey The provider key
-     * @param RoleInterface[]|string[] $roles       An array of roles
+     * @param string|object   $user        The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
+     * @param string          $credentials This usually is the password of the user
+     * @param string          $providerKey The provider key
+     * @param (Role|string)[] $roles       An array of roles
      *
      * @throws \InvalidArgumentException
      */

diff --git a/src/Symfony/Component/Security/Core/Role/Role.php b/src/Symfony/Component/Security/Core/Role/Role.php
@@ -12,8 +12,7 @@
 namespace Symfony\Component\Security\Core\Role;
 
 /**
- * Role is a simple implementation of a RoleInterface where the role is a
- * string.
+ * Role is a simple implementation representing a role identified by a string.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */

diff --git a/src/Symfony/Component/Security/Core/Role/RoleInterface.php b/src/Symfony/Component/Security/Core/Role/RoleInterface.php
@@ -18,6 +18,8 @@
  * supported by at least one AccessDecisionManager.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated The RoleInterface is deprecated since version 3.3 and will be removed in 4.0. Extend the Symfony\Component\Security\Core\Role\Role class instead.
  */
 interface RoleInterface
 {

diff --git a/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php b/src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php
@@ -12,7 +12,7 @@
 namespace Symfony\Component\Security\Guard\Token;
 
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
-use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -28,9 +28,9 @@ class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenIn
     private $providerKey;
 
     /**
-     * @param UserInterface            $user        The user!
-     * @param string                   $providerKey The provider (firewall) key
-     * @param RoleInterface[]|string[] $roles       An array of roles
+     * @param UserInterface   $user        The user!
+     * @param string          $providerKey The provider (firewall) key
+     * @param (Role|string)[] $roles       An array of roles
      *
      * @throws \InvalidArgumentException
      */

diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Http\Tests\Firewall;
 
+use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Http\Event\SwitchUserEvent;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
 use Symfony\Component\Security\Http\SecurityEvents;
@@ -66,7 +67,7 @@ public function testEventIsIgnoredIfUsernameIsNotPassedWithTheRequest()
      */
     public function testExitUserThrowsAuthenticationExceptionIfOriginalTokenCannotBeFound()
     {
-        $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+        $token = $this->getToken(array(new Role('the role')));
 
         $this->tokenStorage->expects($this->any())->method('getToken')->will($this->returnValue($token));
         $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('_exit'));
@@ -216,7 +217,7 @@ public function testExitUserDoesNotDispatchEventWithStringUser()
      */
     public function testSwitchUserIsDisallowed()
     {
-        $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+        $token = $this->getToken(array(new Role('the role')));
 
         $this->tokenStorage->expects($this->any())->method('getToken')->will($this->returnValue($token));
         $this->request->expects($this->any())->method('get')->with('_switch_user')->will($this->returnValue('kuba'));
@@ -231,7 +232,7 @@ public function testSwitchUserIsDisallowed()
 
     public function testSwitchUser()
     {
-        $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+        $token = $this->getToken(array(new Role('the role')));
         $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
         $user->expects($this->any())->method('getRoles')->will($this->returnValue(array()));
 
@@ -261,7 +262,7 @@ public function testSwitchUser()
 
     public function testSwitchUserKeepsOtherQueryStringParameters()
     {
-        $token = $this->getToken(array($this->getMock('Symfony\Component\Security\Core\Role\RoleInterface')));
+        $token = $this->getToken(array(new Role('the role')));
         $user = $this->getMock('Symfony\Component\Security\Core\User\UserInterface');
         $user->expects($this->any())->method('getRoles')->will($this->returnValue(array()));