AuthenticationSuccessHandler should not be tagged as final class

[mboron83]

Hi, my phpstan discovered that AuthenticationSuccessHandler is final class and I'm not able to extend it. I checked source and class is not final but has @final annotation. In my opinion it's wrong because on the other side you allow to configure custom success handler via security.yaml:

    api_login:
        provider: app_user_provider
        pattern: ^/api/login
        stateless: true
        json_login:
            check_path: /api/login_check
            success_handler: App\Service\Authentication\ApiLoginSuccessHandler
            failure_handler: App\Service\Authentication\ApiLoginFailureHandler

[Spomky]

This looks good to me. The @final is used to avoid incompatibilities with old PHP versions. But at a time, it will become a final statement.

You should not extend it, but create you own class with the application logic you expect. Then, configure it as you mentioned.

[mboron83]

This looks good to me. The @final is used to avoid incompatibilities with old PHP versions. But at a time, it will become a final statement.

You should not extend it, but create you own class with the application logic you expect. Then, configure it as you mentioned.

Thank you for reply. Now I understand your point of view. I guess. in that case AuthenticationFailureHandler should also be tagged as final because now there is small inconsistency.