Symfony News

New in Symfony 3.4: Services are private by default

Contributed by
Nicolas Grekas
in #24238 and #24104.

In Symfony applications, services and aliases are public by default. This allows to easily get services in controllers that extend from the Symfony base controller ($this->get('app.my_service')) or just by injecting the entire container ($container->get('app.my_service')).

This is not considered a good practice and we're slowly moving away from it. That's why in Symfony 3.4 services and aliases will be private by default. If you use autowiring in your application, you don't have to make any change because you are already injecting the services instead of getting them via their public ID.

Otherwise, you must update your application to mark services as public when they are meant to be accessed publicly. If you use YAML to configure services:

1
2
3
4
5
6
7

services:
    # this makes public all the services defined in this file
    _defaults: { public: true }

    # you can also make public individual services
    App\Manager\UserManager:
        public: true

If you use XML to configure services:

1
2
3
4
5
6
7

<services>
    <!-- this makes public all the services defined in this file -->
    <defaults public="true" />

    <!-- you can also make public individual services -->
    <service id="App\Manager\UserManager" public="true"></service>
</services>

If you use PHP, add the ->setPublic(true) call to the appropriate service definition.

This change will also impact to the third-party bundles used in your projects. Contact bundle authors and open issues in their repositories to ask them to make public the services that are meant to be accessed publicly.

In Symfony core we've already do that and we made all services and aliases private except the following to maintain backward compatibility:

• cache.app_clearer alias (for the cache:pool:clear command to clear app pools)
• cache.app (for userland only)
• cache.global_clearer (for the cache:pool:clear command to clear all pools)
• cache.system (for userland only)
• cache_clearer (for the cache:clear command)
• cache_warmer (required to bootstrap the kernel)
• $commandId alias (for non-lazy commands which are get() at runtime)
• data_collector.dump (required to have dump() work very early when booting the kernel)
• event_dispatcher (required to wire console apps)
• filesystem (for use in ContainerAware classes)
• form.factory (for the base controller)
• http_kernel (required to bootstrap the kernel)
• kernel (for use in ContainerAware classes)
• profiler (used in tests)
• request_stack (for the base controller)
• router alias (for the base controller)
• routing.loader (used by routing)
• security.authentication_utils (for use in ContainerAware classes)
• security.authorization_checker (for the base controller)
• security.csrf.token_manager (for the base controller)
• security.password_encoder (for use in ContainerAware classes)
• security.token_storage (for the base controller)
• serializer (for the base controller)
• session (for the base controller)
• state_machine.abstract (userland state machines)
• templating alias (for the base controller)
• test.client (for WebTestCase)
• translator (for use in ContainerAware classes)
• twig.controller.exception (controllers referenced by routing)
• twig.controller.preview_error (controllers referenced by routing)
• twig (for the base controller)
• validator (for use in ContainerAware classes)
• var_dumper.cloner (required to have dump() work very early when booting the kernel)
• web_profiler.controller.exception (controllers referenced by routing)
• web_profiler.controller.profiler (controllers referenced by routing)
• web_profiler.controller.router (controllers referenced by routing)
• workflow.abstract (userland workflows)