kekrozsak/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

CHANGELOG
=========

2.1.0
-----

 * [BC BREAK] The custom factories for the firewall configuration are now
   registered during the build method of bundles instead of being registered
   by the end-user (you need to remove the 'factories' keys in your security
   configuration).

 * [BC BREAK] The Firewall listener is now registered after the Router one. This
   means that specific Firewall URLs (like /login_check and /logout must now
   have proper route defined in your routing configuration)

 * [BC BREAK] refactored the user provider configuration. The configuration
   changed for the chain provider and the memory provider:

    Before:

    ``` yaml
    security:
        providers:
            my_chain_provider:
                providers: [my_memory_provider, my_doctrine_provider]
            my_memory_provider:
                users:
                    toto: { password: foobar, roles: [ROLE_USER] }
                    foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
    ```

    After:

    ``` yaml
    security:
        providers:
            my_chain_provider:
                chain:
                    providers: [my_memory_provider, my_doctrine_provider]
            my_memory_provider:
                memory:
                    users:
                        toto: { password: foobar, roles: [ROLE_USER] }
                        foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }
    ```

 * [BC BREAK] Method `equals` was removed from `UserInterface` to its own new
   `EquatableInterface`. The user class can now implement this interface to override
   the default implementation of users equality test.

 * added a validator for the user password
 * added 'erase_credentials' as a configuration key (true by default)
 * added new events: `security.authentication.success` and `security.authentication.failure`
   fired on authentication success/failure, regardless of authentication method,
   events are defined in new event class: `Symfony\Component\Security\Core\AuthenticationEvents`.

 * Added optional CSRF protection to LogoutListener:

    ``` yaml
    security:
        firewalls:
            default:
                logout:
                    path: /logout_path
                    target: /
                    csrf_parameter: _csrf_token        # Optional (defaults to "_csrf_token")
                    csrf_provider:  form.csrf_provider # Required to enable protection
                    intention:      logout             # Optional (defaults to "logout")
    ```

    If the LogoutListener has CSRF protection enabled but cannot validate a token,
   then a LogoutException will be thrown.

 * Added `logout_url` templating helper and Twig extension, which may be used to
   generate logout URL's within templates. The security firewall's config key
   must be specified. If a firewall's logout listener has CSRF protection
   enabled, a token will be automatically added to the generated URL.
Initial commit with Symfony 2.1+Vendors Signed-off-by: Gergely POLONKAI (W00d5t0ck) <polesz@w00d5t0ck.info> 2012-07-01 07:52:20 +00:00			`CHANGELOG`
			`=========`

			`2.1.0`
			`-----`

			`* [BC BREAK] The custom factories for the firewall configuration are now`
			`registered during the build method of bundles instead of being registered`
			`by the end-user (you need to remove the 'factories' keys in your security`
			`configuration).`

			`* [BC BREAK] The Firewall listener is now registered after the Router one. This`
			`means that specific Firewall URLs (like /login_check and /logout must now`
			`have proper route defined in your routing configuration)`

			`* [BC BREAK] refactored the user provider configuration. The configuration`
			`changed for the chain provider and the memory provider:`

			`Before:`

			``` yaml
			`security:`
			`providers:`
			`my_chain_provider:`
			`providers: [my_memory_provider, my_doctrine_provider]`
			`my_memory_provider:`
			`users:`
			`toto: { password: foobar, roles: [ROLE_USER] }`
			`foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }`
			```

			`After:`

			``` yaml
			`security:`
			`providers:`
			`my_chain_provider:`
			`chain:`
			`providers: [my_memory_provider, my_doctrine_provider]`
			`my_memory_provider:`
			`memory:`
			`users:`
			`toto: { password: foobar, roles: [ROLE_USER] }`
			`foo: { password: bar, roles: [ROLE_USER, ROLE_ADMIN] }`
			```

			* [BC BREAK] Method `equals` was removed from `UserInterface` to its own new
			`EquatableInterface`. The user class can now implement this interface to override
			`the default implementation of users equality test.`

			`* added a validator for the user password`
			`* added 'erase_credentials' as a configuration key (true by default)`
			* added new events: `security.authentication.success` and `security.authentication.failure`
			`fired on authentication success/failure, regardless of authentication method,`
			events are defined in new event class: `Symfony\Component\Security\Core\AuthenticationEvents`.

			`* Added optional CSRF protection to LogoutListener:`

			``` yaml
			`security:`
			`firewalls:`
			`default:`
			`logout:`
			`path: /logout_path`
			`target: /`
			`csrf_parameter: _csrf_token # Optional (defaults to "_csrf_token")`
			`csrf_provider: form.csrf_provider # Required to enable protection`
			`intention: logout # Optional (defaults to "logout")`
			```

			`If the LogoutListener has CSRF protection enabled but cannot validate a token,`
			`then a LogoutException will be thrown.`

			* Added `logout_url` templating helper and Twig extension, which may be used to
			`generate logout URL's within templates. The security firewall's config key`
			`must be specified. If a firewall's logout listener has CSRF protection`
			`enabled, a token will be automatically added to the generated URL.`