Fix/role security identity

[wimvds]

We're using our own Role object that implements RoleInterface and the Acl didn't work because of the fact that RoleSecurityIdentity checked on the objects passed being an instance of Role instead of RoleInterface...

I also added some extra sanity checks in the constructor and tests for them.

[stof]

@schmittjoh As you previously rejected such change saying it was a security issue, please explain why (and add a comment in the code to avoid later changes)

[travisbot]

This pull request passes (merged d624d1d into 48e384b).

[vicb]

similar PR: #5076

[mevers47]

We're also using RoleInterface. This would be really nice to have, as it makes Symfony2 even more flexible. Please @schmittjoh why is it a security vulnerability?

[mevers47]

A quick and dirty workaround that worked for me:

In my app/config/config.xml

    <parameters>
        <parameter key="security.acl.security_identity_retrieval_strategy.class">{my bundle}\Security\Acl\Domain\SecurityIdentityRetrievalStrategy</parameter>
    </parameters>

Copy SecurityIdentityRetrievalStrategy to {my bundle}\Security\Acl\Domain\SecurityIdentityRetrievalStrategy
Copy RoleSecurityIdentity to {my bundle}\Security\Acl\Domain\RoleSecurityIdentity
Patch your own RoleSecurityIdentity with this PR (da5ec3b)
Do not forget to change the "equals" method like so:

    /**
     * {@inheritDoc}
     */
    public function equals(SecurityIdentityInterface $sid)
    {
        if (!$sid instanceof RoleSecurityIdentity && !$sid instanceof SymfonyRoleSecurityIdentity) {
            return false;
        }

        return $this->role === $sid->getRole();
    }

[kimausloos]

Any news about this?

[sstok]

@schmittjoh ping

[fabpot]

Closing as this is a duplicate.