symfony · wouterj · Apr 16, 2020 · Apr 11, 2020
diff --git a/testing/http_authentication.rst b/testing/http_authentication.rst
@@ -113,14 +113,17 @@ needs::
         {
             $session = self::$container->get('session');
 
+            // somehow fetch the user (e.g. using the user repository)
+            $user = ...;
+
             $firewallName = 'secure_area';
             // if you don't define multiple connected firewalls, the context defaults to the firewall name
             // See https://symfony.com/doc/current/reference/configuration/security.html#firewall-context
             $firewallContext = 'secured_area';
 
             // you may need to use a different token class depending on your application.
             // for example, when using Guard authentication you must instantiate PostAuthenticationGuardToken
-            $token = new UsernamePasswordToken('admin', null, $firewallName, ['ROLE_ADMIN']);
+            $token = new UsernamePasswordToken($user, null, $firewallName, $user->getRoles());
             $session->set('_security_'.$firewallContext, serialize($token));
             $session->save();