
Merge remote branch 'schmittjoh/parameterCleanup'

* schmittjoh/parameterCleanup:
  [SecurityBundle] inline parameters which are only used in one place
  [SecurityBundle] moved all non-class parameters to the Configuration file
Fabien Potencier 14 anni fa
parent
commit
f4276a88f6

+ 32 - 1
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Configuration.php

@@ -49,6 +49,15 @@ class Configuration
             ->children()
                 ->scalarNode('access_denied_url')->defaultNull()->end()
                 ->scalarNode('session_fixation_strategy')->cannotBeEmpty()->defaultValue('migrate')->end()
+                ->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
+                ->arrayNode('access_decision_manager')
+                    ->addDefaultsIfNotSet()
+                    ->children()
+                        ->scalarNode('strategy')->defaultValue('affirmative')->end()
+                        ->booleanNode('allow_if_all_abstain')->defaultFalse()->end()
+                        ->booleanNode('allow_if_equal_granted_denied')->defaultTrue()->end()
+                    ->end()
+                ->end()
             ->end()
             // add a faux-entry for factories, so that no validation error is thrown
             ->fixXmlConfig('factory', 'factories')
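Review bot: The new `strategy` node under `access_decision_manager` accepts any scalar, so a mistyped value passes configuration validation and is only noticed, if at all, when the decision manager is built or first asked to decide. Since this value selects how voter results are combined, it is worth rejecting unknown names in the tree itself, for example `->scalarNode('strategy')->defaultValue('affirmative')->validate()->ifNotInArray(array('affirmative', 'consensus', 'unanimous'))->thenInvalid('Unknown access decision strategy %s')->end()->end()`, assuming the builder in this tree already offers `ifNotInArray`. A short comment above `allow_if_all_abstain` and `allow_if_equal_granted_denied` stating which outcome each default produces would also help, because these two flags decide the tie and no-opinion cases. The builder method continues outside the hunk.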
@@ -74,7 +83,29 @@ class Configuration
                 ->arrayNode('acl')
                     ->children()
                         ->scalarNode('connection')->end()
-                        ->scalarNode('cache')->end()
+                        ->arrayNode('cache')
+                            ->addDefaultsIfNotSet()
+                            ->children()
+                                ->scalarNode('id')->end()
+                                ->scalarNode('prefix')->defaultValue('sf2_acl_')->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('tables')
+                            ->addDefaultsIfNotSet()
+                            ->children()
+                                ->scalarNode('class')->defaultValue('acl_classes')->end()
+                                ->scalarNode('entry')->defaultValue('acl_entries')->end()
+                                ->scalarNode('object_identity')->defaultValue('acl_object_identities')->end()
+                                ->scalarNode('object_identity_ancestors')->defaultValue('acl_object_identity_ancestors')->end()
+                                ->scalarNode('security_identity')->defaultValue('acl_security_identities')->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('voter')
+                            ->addDefaultsIfNotSet()
+                            ->children()
+                                ->booleanNode('allow_if_object_identity_unavailable')->defaultTrue()->end()
+                            ->end()
+                        ->end()
                     ->end()
                 ->end()
             ->end()
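Review bot: `allow_if_object_identity_unavailable` is now a user-facing option under `acl.voter` and keeps the permissive default `true` from the removed XML parameter, but nothing at the node says what that means. As the name suggests this is a fail-open switch, so I would add a comment such as `// true: the ACL voter does not deny when no object identity can be resolved for the subject (confirm against AclVoter)` and mention the stricter setting in the reference docs. Separately, the five scalars under `tables` accept an empty string, unlike `session_fixation_strategy` in the first hunk; adding `->cannotBeEmpty()` to each would catch a blank table name at validation time rather than at query time.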

+ 24 - 3
src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -66,7 +66,14 @@ class SecurityExtension extends Extension
 
         // set some global scalars
         $container->setParameter('security.access.denied_url', $config['access_denied_url']);
-        $container->setParameter('security.authentication.session_strategy.strategy', $config['session_fixation_strategy']);
+        $container->getDefinition('security.authentication.session_strategy')->setArgument(0, $config['session_fixation_strategy']);
+        $container
+            ->getDefinition('security.access.decision_manager')
+            ->addArgument($config['access_decision_manager']['strategy'])
+            ->addArgument($config['access_decision_manager']['allow_if_all_abstain'])
+            ->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied'])
+        ;
+        $container->setParameter('security.access.always_authenticate_before_granting', $config['always_authenticate_before_granting']);
 
         $this->createFirewalls($config, $container);
         $this->createAuthorization($config, $container);
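Review bot: The three `addArgument()` calls on `security.access.decision_manager` depend on the XML definition carrying exactly one argument, so that strategy and the two allow flags land at positions 1 to 3; any argument later added to the XML would shift them silently and change how access decisions are combined. The session strategy line just above uses the safer pattern of an XML placeholder plus `setArgument(0, …)`, and the table collection in the ACL hunk does the same with `setArgument(2, …)`. I would keep three `<argument />` placeholders in security.xml and write `->setArgument(1, $config['access_decision_manager']['strategy'])` and so on here. The same applies to the `addArgument()` calls on `security.acl.cache.doctrine` and `security.acl.voter.basic_permissions` in the next hunk of this file.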
@@ -111,9 +118,23 @@ class SecurityExtension extends Extension
             $container->setAlias('security.acl.dbal.connection', sprintf('doctrine.dbal.%s_connection', $config['connection']));
         }
 
-        if (isset($config['cache'])) {
-            $container->setAlias('security.acl.cache', sprintf('security.acl.cache.%s', $config['cache']));
+        if (isset($config['cache']['id'])) {
+            $container->setAlias('security.acl.cache', $config['cache']['id']);
         }
+        $container->getDefinition('security.acl.cache.doctrine')->addArgument($config['cache']['prefix']);
+
+        $container
+            ->getDefinition('security.acl.dbal.provider')
+            ->setArgument(2, array(
+                'class_table_name' => $config['tables']['class'],
+                'entry_table_name' => $config['tables']['entry'],
+                'oid_table_name'   => $config['tables']['object_identity'],
+                'oid_ancestors_table_name' => $config['tables']['object_identity_ancestors'],
+                'sid_table_name' => $config['tables']['security_identity'],
+            ))
+        ;
+
+        $container->getDefinition('security.acl.voter.basic_permissions')->addArgument($config['voter']['allow_if_object_identity_unavailable']);
     }
 
     /**
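Review bot: `security.acl.cache` is now aliased to `$config['cache']['id']` verbatim, whereas the removed line expanded the value to `security.acl.cache.%s`, so a short name carried over from an existing configuration would point at a different service id. Because the provider declares its cache argument with `on-invalid="null"` in security_acl.xml, a wrong id may simply leave the ACL provider without a cache rather than raise an error; that is inferred from the XML, not verified. A comment on the alias line such as `// 'id' is a complete service id; it is no longer prefixed with "security.acl.cache."` plus an entry in the upgrade notes would make the change visible. The enclosing method starts outside the hunk.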

+ 2 - 10
src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml

@@ -6,7 +6,6 @@
 
     <parameters>
         <parameter key="security.context.class">Symfony\Component\Security\Core\SecurityContext</parameter>
-        <parameter key="security.context.always_authenticate">false</parameter>
 
         <parameter key="security.user_checker.class">Symfony\Component\Security\Core\User\UserChecker</parameter>
 
@@ -26,12 +25,8 @@
         <parameter key="security.authentication.manager.class">Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager</parameter>
 
         <parameter key="security.authentication.session_strategy.class">Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy</parameter>
-        <parameter key="security.authentication.session_strategy.strategy">migrate</parameter>
 
         <parameter key="security.access.decision_manager.class">Symfony\Component\Security\Core\Authorization\AccessDecisionManager</parameter>
-        <parameter key="security.access.decision_manager.strategy">affirmative</parameter>
-        <parameter key="security.access.decision_manager.allow_if_all_abstain">false</parameter>
-        <parameter key="security.access.decision_manager.allow_if_equal_granted_denied">true</parameter>
 
         <parameter key="security.access.simple_role_voter.class">Symfony\Component\Security\Core\Authorization\Voter\RoleVoter</parameter>
         <parameter key="security.access.authenticated_voter.class">Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter</parameter>
@@ -49,7 +44,7 @@
         <service id="security.context" class="%security.context.class%">
             <argument type="service" id="security.authentication.manager" />
             <argument type="service" id="security.access.decision_manager" />
-            <argument>%security.context.always_authenticate%</argument>
+            <argument>%security.access.always_authenticate_before_granting%</argument>
         </service>
 
         <!-- Authentication related services -->
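Review bot: The third argument of `security.context` now reads `%security.access.always_authenticate_before_granting%`, so an application that had overridden the old `security.context.always_authenticate` parameter with `true` will have that override ignored without any error and fall back to the new default of `false`. The same silent fallback applies to the `security.access.decision_manager.*` parameters removed in the previous hunk and to `security.acl.voter.allow_if_object_identity_unavailable` in security_acl.xml. All of these influence authentication or authorization outcomes, so the rename and removals deserve an explicit upgrade note listing each old parameter next to its new configuration key.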
@@ -63,7 +58,7 @@
         </service>
 
         <service id="security.authentication.session_strategy" class="%security.authentication.session_strategy.class%" public="false">
-            <argument>%security.authentication.session_strategy.strategy%</argument>
+            <argument /> <!-- Strategy -->
         </service>
 
         <service id="security.encoder_factory.generic" class="%security.encoder_factory.generic.class%" public="false">
@@ -78,9 +73,6 @@
         <!-- Authorization related services -->
         <service id="security.access.decision_manager" class="%security.access.decision_manager.class%" public="false">
             <argument type="collection"></argument>
-            <argument>%security.access.decision_manager.strategy%</argument>
-            <argument>%security.access.decision_manager.allow_if_all_abstain%</argument>
-            <argument>%security.access.decision_manager.allow_if_equal_granted_denied%</argument>
         </service>
 
         <service id="security.role_hierarchy" class="%security.role_hierarchy.class%" public="false">

+ 1 - 16
src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl.xml

@@ -5,24 +5,17 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
 
     <parameters>
-        <parameter key="security.acl.dbal.class_table_name">acl_classes</parameter>
-        <parameter key="security.acl.dbal.entry_table_name">acl_entries</parameter>
-        <parameter key="security.acl.dbal.oid_table_name">acl_object_identities</parameter>
-        <parameter key="security.acl.dbal.oid_ancestors_table_name">acl_object_identity_ancestors</parameter>
-        <parameter key="security.acl.dbal.sid_table_name">acl_security_identities</parameter>
         <parameter key="security.acl.dbal.provider.class">Symfony\Component\Security\Acl\Dbal\MutableAclProvider</parameter>
 
         <parameter key="security.acl.permission_granting_strategy.class">Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy</parameter>
 
         <parameter key="security.acl.voter.class">Symfony\Component\Security\Acl\Voter\AclVoter</parameter>
-        <parameter key="security.acl.voter.allow_if_object_identity_unavailable">true</parameter>
         <parameter key="security.acl.permission.map.class">Symfony\Component\Security\Acl\Permission\BasicPermissionMap</parameter>
 
         <parameter key="security.acl.object_identity_retrieval_strategy.class">Symfony\Component\Security\Acl\Domain\ObjectIdentityRetrievalStrategy</parameter>
         <parameter key="security.acl.security_identity_retrieval_strategy.class">Symfony\Component\Security\Acl\Domain\SecurityIdentityRetrievalStrategy</parameter>
 
         <parameter key="security.acl.cache.doctrine.class">Symfony\Component\Security\Acl\Domain\DoctrineAclCache</parameter>
-        <parameter key="security.acl.cache.doctrine.prefix">sf2_acl_</parameter>
 
         <parameter key="security.acl.collection_cache.class">Symfony\Component\Security\Acl\Domain\AclCollectionCache</parameter>
     </parameters>
@@ -40,13 +33,7 @@
         <service id="security.acl.dbal.provider" class="%security.acl.dbal.provider.class%" public="false">
             <argument type="service" id="security.acl.dbal.connection" />
             <argument type="service" id="security.acl.permission_granting_strategy" />
-            <argument type="collection">
-                <argument key="class_table_name">%security.acl.dbal.class_table_name%</argument>
-                <argument key="entry_table_name">%security.acl.dbal.entry_table_name%</argument>
-                <argument key="oid_table_name">%security.acl.dbal.oid_table_name%</argument>
-                <argument key="oid_ancestors_table_name">%security.acl.dbal.oid_ancestors_table_name%</argument>
-                <argument key="sid_table_name">%security.acl.dbal.sid_table_name%</argument>
-            </argument>
+            <argument /> <!-- Table collection -->
             <argument type="service" id="security.acl.cache" on-invalid="null" />
         </service>
 
@@ -61,7 +48,6 @@
         <service id="security.acl.cache.doctrine" class="%security.acl.cache.doctrine.class%" public="false">
             <argument type="service" id="security.acl.cache.doctrine_cache_impl" />
             <argument type="service" id="security.acl.permission_granting_strategy" />        
-            <argument>%security.acl.cache.doctrine.prefix%</argument>
         </service>
 
         <service id="security.acl.cache.doctrine.cache_impl" alias="doctrine.orm.default_result_cache" public="false" />
@@ -74,7 +60,6 @@
             <argument type="service" id="security.acl.security_identity_retrieval_strategy" />
             <argument type="service" id="security.acl.permission.map" />
             <argument type="service" id="logger" on-invalid="null" />
-            <argument>%security.acl.voter.allow_if_object_identity_unavailable%</argument>
             <tag name="security.voter" priority="255" />
         </service>
     </services>