Merge remote branch 'schmittjoh/security'

* schmittjoh/security:
  [SecurityBundle] exposed setting in the configuration
  [Security/Http] removed irrelevant code

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

@@ -56,6 +56,7 @@ class MainConfiguration implements ConfigurationInterface
             ->children()
                 ->scalarNode('access_denied_url')->defaultNull()->end()
                 ->scalarNode('session_fixation_strategy')->cannotBeEmpty()->defaultValue('migrate')->end()
+                ->booleanNode('hide_user_not_found')->defaultTrue()->end()
                 ->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
                 ->arrayNode('access_decision_manager')
                     ->addDefaultsIfNotSet()

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -74,6 +74,7 @@ class SecurityExtension extends Extension
             ->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied'])
         ;
         $container->setParameter('security.access.always_authenticate_before_granting', $config['always_authenticate_before_granting']);
+        $container->setParameter('security.authentication.hide_user_not_found', $config['hide_user_not_found']);
 
         $this->createFirewalls($config, $container);
         $this->createAuthorization($config, $container);

src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml

@@ -141,6 +141,7 @@
             <argument type="service" id="security.user_checker" />
             <argument /> <!-- Provider-shared Key -->
             <argument type="service" id="security.encoder_factory" />
+            <argument>%security.authentication.hide_user_not_found%</argument>
         </service>
 
         <service id="security.authentication.provider.pre_authenticated" class="%security.authentication.provider.pre_authenticated.class%" abstract="true" public="false">

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

@@ -140,8 +140,6 @@ class ExceptionListener
 
     private function startAuthentication(Request $request, AuthenticationException $authException)
     {
-        $this->context->setToken(null);
-
         if (null === $this->authenticationEntryPoint) {
             throw $authException;
         }