Symfony 2 SecurityContext class deprecated

Question

I get the following error when I try to reach app/example on symfony demo

Error: The Symfony\Component\Security\Core\SecurityContext class is deprecated since version 2.6 and will be removed in 3.0. Use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage or Symfony\Component\Security\Core\Authorization\AuthorizationChecker instead.

The server is returning the right answer with a 200 status code though.

I've found nothing on Google about it. Has anybody encounter this error before and/or know how to fix it ?

Answer 1

Explanation

Starting with Symfony 2.6 the SecurityContext got split into the TokenStorage and the AuthorizationChecker (see: Symfony Blog - "New in Symfony 2.6: Security component improvements").

The main reason for this was to prevent circular reference which occurred quite often when injecting the SecurityContext into your own services.

Solution

The change itself is 100% backwards compatible (as stated in the linked blog post), you just need to rewrite how you accessed the SecurityContext.

// Symfony 2.5 $user = $this->get('security.context')->getToken()->getUser(); // Symfony 2.6 $user = $this->get('security.token_storage')->getToken()->getUser();  // Symfony 2.5 if (false === $this->get('security.context')->isGranted('ROLE_ADMIN')) { ... } // Symfony 2.6 if (false === $this->get('security.authorization_checker')->isGranted('ROLE_ADMIN')) { ... } 

You can simply try to find the culprit by doing a text-search for security.context or SecurityContext in your source code (including the vendor directory).

But as you stated that you're using vanilla Symfony 2.6 it seems that it simply uses some soon to be deprecated methods. So you might simply use this...

Workaround

As Symfony does it's deprecation by triggering E_USER_DEPRECATED errors, you can simply disable them when booting your Symfony AppKernel:

// app/AppKernel.php class AppKernel extends Kernel {     public function __construct($environment, $debug) {         // Keep error reporting like it was and disable only deprecation warnings.         error_reporting(error_reporting() & (-1 ^ E_DEPRECATED));         // ...     } } 

I personally like the deprecation warnings, because Symfony's changelogs tend to give very detailed information on how you need to change your code to support future versions of Symfony and the deprecation warnings normally are triggered months before the methods are actually deprecated.

Answer 2

It's not a proper error, just a warning.

A deprecated class is a class that is planned to be removed in future releases (of Symfony, in this case).

It suggest you to stop using it, and points you to the newer (and substitutes) class, TokenStorage and AuthorizationChecker, that will take completly over to do the same tasks.