New in Symfony 3.4: Improved security listeners

Contributed by
Robin Chalas
in #23114 and #23105.

In Symfony applications, security listeners are used by firewalls to handle the security mechanisms configured, such as the Remember Me feature or the User Impersonation feature.

Some of these listeners are quite complex and require lots of dependencies (for example, the User Impersonation listener has nine constructor arguments). The main firewall listener iterates through all the configured listeners until one of them returns a Response object. In practice this means that most listeners are never executed even if they have been initialized.

In Symfony 3.4 we improved the security listeners to be lazy loaded. This means that only the executed listeners are initialized, slightly improving the overall performance. This improvement is automatically applied when you upgrade to Symfony 3.4, so you don't have to make any change in your application.

Security Listeners in the Profiler¶

In Symfony 3.1 we improved the security panel in the profiler to show you the configured voters and the full log of the Access Decision Manager. In Symfony 3.4, we improved that panel again to show more information about the listeners:

The new panel displays all the executed security listeners, the time it took to execute each of them and the values returned.