[SecurityBundle] Fix the session listener registration under the new authentication manager

Author: johnvandeweghe

DependencyInjection/SecurityExtension.php

@@ -168,14 +168,6 @@ public function load(array $configs, ContainerBuilder $container)
         $container->getDefinition('security.authentication.guard_handler')
             ->replaceArgument(2, $this->statelessFirewallKeys);
 
-        if ($this->authenticatorManagerEnabled) {
-            foreach ($this->statelessFirewallKeys as $statelessFirewallId) {
-                $container
-                    ->setDefinition('security.listener.session.'.$statelessFirewallId, new ChildDefinition('security.listener.session'))
-                    ->addTag('kernel.event_subscriber', ['dispatcher' => 'security.event_dispatcher.'.$statelessFirewallId]);
-            }
-        }
-
         if ($config['encoders']) {
             $this->createEncoders($config['encoders'], $container);
         }
@@ -373,6 +365,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
             $contextKey = $firewall['context'] ?? $id;
             $listeners[] = new Reference($contextListenerId = $this->createContextListener($container, $contextKey));
             $sessionStrategyId = 'security.authentication.session_strategy';
+
+            if ($this->authenticatorManagerEnabled) {
+                $container
+                    ->setDefinition('security.listener.session.'.$id, new ChildDefinition('security.listener.session'))
+                    ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+            }
         } else {
             $this->statelessFirewallKeys[] = $id;
             $sessionStrategyId = 'security.authentication.session_strategy_noop';

Resources/config/security_authenticator.xml

@@ -63,7 +63,6 @@
                  class="Symfony\Component\Security\Http\EventListener\SessionStrategyListener"
                  abstract="true">
             <argument type="service" id="security.authentication.session_strategy" />
-            <argument type="abstract">stateless firewall keys</argument>
         </service>
 
         <service id="security.listener.remember_me"

Tests/DependencyInjection/SecurityExtensionTest.php

@@ -559,6 +559,48 @@ public function provideConfigureCustomAuthenticatorData()
         ];
     }
 
+    public function testCompilesWithoutSessionListenerWithStatelessFirewallWithAuthenticationManager()
+    {
+        $container = $this->getRawContainer();
+
+        $firewallId = 'stateless_firewall';
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                $firewallId => [
+                    'pattern' => '/.*',
+                    'stateless' => true,
+                    'http_basic' => null,
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertFalse($container->has('security.listener.session.'.$firewallId));
+    }
+
+    public function testCompilesWithSessionListenerWithStatefulllFirewallWithAuthenticationManager()
+    {
+        $container = $this->getRawContainer();
+
+        $firewallId = 'statefull_firewall';
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                $firewallId => [
+                    'pattern' => '/.*',
+                    'stateless' => false,
+                    'http_basic' => null,
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertTrue($container->has('security.listener.session.'.$firewallId));
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();