Merge branch '2.7'

* 2.7:
  removing duplicate key
  Updating one more reference of security.context that I missed in the merge
  [Security] Removed deprecated example about SecurityContext
  Use denyAccessUnlessGranted shortcut
  Use new security.authorization_checker service

Author: weaverryan

best_practices/security.rst

@@ -75,14 +75,14 @@ Authorization (i.e. Denying Access)
 Symfony gives you several ways to enforce authorization, including the ``access_control``
 configuration in :doc:`security.yml </reference/configuration/security>` the
 :ref:`@Security annotation <best-practices-security-annotation>` and using
-:ref:`isGranted <best-practices-directly-isGranted>` on the ``security.context``
+:ref:`isGranted <best-practices-directly-isGranted>` on the ``security.authorization_checker``
 service directly.
 
 .. best-practice::
 
     * For protecting broad URL patterns, use ``access_control``;
     * Whenever possible, use the ``@Security`` annotation;
-    * Check security directly on the ``security.context`` service whenever
+    * Check security directly on the ``security.authorization_checker`` service whenever
       you have a more complex situation.
 
 There are also different ways to centralize your authorization logic, like
@@ -315,7 +315,7 @@ Now, you can use the voter with the ``@Security`` annotation:
         // ...
     }
 
-You can also use this directly with the ``security.context`` service, or
+You can also use this directly with the ``security.authorization_checker`` service, or
 via the even easier shortcut in a controller:
 
 .. code-block:: php
@@ -327,9 +327,13 @@ via the even easier shortcut in a controller:
     {
         $post = // query for the post ...
 
-        if (!$this->get('security.context')->isGranted('edit', $post)) {
-            throw $this->createAccessDeniedException();
-        }
+        $this->denyAccessUnlessGranted('edit', $post);
+
+        // or without the shortcut:
+        //
+        // if (!$this->get('security.authorization_checker')->isGranted('edit', $post)) {
+        //    throw $this->createAccessDeniedException();
+        // }
     }
 
 Learn More

book/security.rst

@@ -1061,8 +1061,6 @@ key:
 
 .. _book-security-logging-out:
 
-.. _book-security-logging-out:
-
 Logging Out
 -----------
 

components/security/firewall.rst

@@ -1,38 +1,42 @@
 .. index::
    single: Security, Firewall
 
-The Firewall and Security Context
-=================================
+The Firewall and Authorization
+==============================
 
-Central to the Security component is the security context, which is an instance
-of :class:`Symfony\\Component\\Security\\Core\\SecurityContextInterface`. When all
-steps in the process of authenticating the user have been taken successfully,
-you can ask the security context if the authenticated user has access to a
+Central to the Security component is authorization. This is handled by an instance
+of :class:`Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationCheckerInterface`.
+When all steps in the process of authenticating the user have been taken successfully,
+you can ask the authorization checker if the authenticated user has access to a
 certain action or resource of the application::
 
-    use Symfony\Component\Security\Core\SecurityContext;
+    use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
     use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
+    // instance of Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface
+    $tokenStorage = ...;
+
     // instance of Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface
     $authenticationManager = ...;
 
     // instance of Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface
     $accessDecisionManager = ...;
 
-    $securityContext = new SecurityContext(
+    $authorizationChecker = new AuthorizationChecker(
+        $tokenStorage,
         $authenticationManager,
         $accessDecisionManager
     );
 
     // ... authenticate the user
 
-    if (!$securityContext->isGranted('ROLE_ADMIN')) {
+    if (!$authorizationChecker->isGranted('ROLE_ADMIN')) {
         throw new AccessDeniedException();
     }
 
 .. versionadded:: 2.6
-    As of Symfony 2.6, the :class:`Symfony\\Component\\Security\\Core\\SecurityContext` class was split 
-    in the :class:`Symfony\\Component\\Security\\Core\\Authentication\\Authorization\\AuthorizationChecker` and 
+    As of Symfony 2.6, the :class:`Symfony\\Component\\Security\\Core\\SecurityContext` class was split
+    in the :class:`Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationChecker` and
     :class:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorage` classes.
 
 .. note::

cookbook/expression/expressions.rst

@@ -39,7 +39,7 @@ accepts an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` object::
 
     public function indexAction()
     {
-        if (!$this->get('security.context')->isGranted(new Expression(
+        if (!$this->get('security.authorization_checker')->isGranted(new Expression(
             '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
         ))) {
             throw $this->createAccessDeniedException();
@@ -99,10 +99,10 @@ Additionally, you have access to a number of functions inside the expression:
         use Symfony\Component\ExpressionLanguage\Expression;
         // ...
 
-        $sc = $this->get('security.context');
-        $access1 = $sc->isGranted('IS_AUTHENTICATED_REMEMBERED');
+        $ac = $this->get('security.authorization_checker');
+        $access1 = $ac->isGranted('IS_AUTHENTICATED_REMEMBERED');
 
-        $access2 = $sc->isGranted(new Expression(
+        $access2 = $ac->isGranted(new Expression(
             'is_remember_me() or is_fully_authenticated()'
         ));
 

cookbook/profiler/matchers.rst

@@ -90,7 +90,7 @@ something like::
     }
 
 .. versionadded:: 2.6
-    The :class:`Symfony\\Component\\Security\\Core\\Authentication\\Authorization\\AuthorizationCheckerInterface` was
+    The :class:`Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationCheckerInterface` was
     introduced in Symfony 2.6. Prior, you had to use the ``isGranted`` method of
     :class:`Symfony\\Component\\Security\\Core\\SecurityContextInterface`.