Skip to content

[Security] Firewall requires the provider to be configured even if it does not allow full authentication #34504

@michaljusiega

Description

@michaljusiega

Symfony version(s) affected: 4.4.0

Description
Hello.

Next error from 4.3 to 4.4. My monolith throws an exception after upgrading to 4.4 about security.

Not configuring explicitly the provider for the "anonymous" listener on "main" firewall is ambiguous as there is more than one registered provider.

In SF 4.3 everything works fine. I have not noticed any changes in this topic in the history of changes.

How to reproduce
My security.yaml looks like:

security:
    providers:
        intranet_users:
            entity: { class: SOME\ENTITY\CLASS, property: email }
        rest_api_provider:
            memory:
                users:
                    SOME_REST_LOGIN: { password: SOME_REST_PASSWORD, roles: 'ROLE_REST_API_USER' }
    
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern:   ^/(webservices/rest/)
            provider:  rest_api_provider
            anonymous: false
            http_basic:
                realm: 'SOME DESCRIPTION'
        main:
            anonymous: ~

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions