[Security] Customized access decision manager configuration is ignored

**Symfony version(s) affected**: 3.4.15

**Description**  
All customized security.yml options for the access decision manager are ignored if the 'strategy' option is not defined. Our application only implemented 'allow_if_all_abstain'. It reverted to the default value 'false' while it was defined as 'true'.

![image](https://user-images.githubusercontent.com/13848243/46608308-a26a8e00-cb04-11e8-952e-bafd0d65e306.png)




**How to reproduce**  
Change the default value of any of the access_decision_manager options but omit the 'strategy' option.

**Possible Solution**  
I think it is caused by the following changes in Symfony\Bundle\SecurityBundle\DependencyInjection\MainConfiguration.php:
![image](https://user-images.githubusercontent.com/13848243/46608187-2bcd9080-cb04-11e8-8999-c7291e0d0089.png)

**Additional context**  
I'm not sure if this is the lowest version in which this issue occurs, we upgraded from 3.3.18.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Security] Customized access decision manager configuration is ignored #28766

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Security] Customized access decision manager configuration is ignored #28766

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions