Merge branch '4.4' into 5.3

* 4.4:
  Default access_decision_manager.strategy option with merge.

Author: derrabus

src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

@@ -48,24 +48,6 @@ public function getConfigTreeBuilder()
         $rootNode = $tb->getRootNode();
 
         $rootNode
-            ->beforeNormalization()
-                ->ifTrue(function ($v) {
-                    if (!isset($v['access_decision_manager'])) {
-                        return true;
-                    }
-
-                    if (!isset($v['access_decision_manager']['strategy']) && !isset($v['access_decision_manager']['service'])) {
-                        return true;
-                    }
-
-                    return false;
-                })
-                ->then(function ($v) {
-                    $v['access_decision_manager']['strategy'] = AccessDecisionManager::STRATEGY_AFFIRMATIVE;
-
-                    return $v;
-                })
-            ->end()
             ->beforeNormalization()
                 ->ifTrue(function ($v) {
                     if ($v['encoders'] ?? false) {

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -39,6 +39,7 @@
 use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Encoder\NativePasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
@@ -163,7 +164,7 @@ public function load(array $configs, ContainerBuilder $container)
         } else {
             $container
                 ->getDefinition('security.access.decision_manager')
-                ->addArgument($config['access_decision_manager']['strategy'])
+                ->addArgument($config['access_decision_manager']['strategy'] ?? AccessDecisionManager::STRATEGY_AFFIRMATIVE)
                 ->addArgument($config['access_decision_manager']['allow_if_all_abstain'])
                 ->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied']);
         }

src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php

@@ -15,6 +15,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\MainConfiguration;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\Definition\Processor;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 
 class MainConfigurationTest extends TestCase
 {
@@ -113,4 +114,22 @@ public function testUserCheckers()
 
         $this->assertEquals('app.henk_checker', $processedConfig['firewalls']['stub']['user_checker']);
     }
+
+    public function testConfigMergeWithAccessDecisionManager()
+    {
+        $config = [
+            'access_decision_manager' => [
+                'strategy' => AccessDecisionManager::STRATEGY_UNANIMOUS,
+            ],
+        ];
+        $config = array_merge(static::$minimalConfig, $config);
+
+        $config2 = [];
+
+        $processor = new Processor();
+        $configuration = new MainConfiguration([], []);
+        $processedConfig = $processor->processConfiguration($configuration, [$config, $config2]);
+
+        $this->assertSame(AccessDecisionManager::STRATEGY_UNANIMOUS, $processedConfig['access_decision_manager']['strategy']);
+    }
 }