ModuleRouteListener won't Trigger MvcAuthEvents

[weierophinney]

Hi,

i have updated Apigility today and run in to this behaviour:

The oauth2 authentication rules did not work and everything was outside of authentication and served without checking if user has right Authorization header set.

What i found was that, whe i change this code in module/Application/Module.php

$moduleRouteListener = new ModuleRouteListener();
$moduleRouteListener->attach($eventManager);

to

$mvcAuthEvent = new MvcAuthEvent($e, $serviceManager->get('authentication'), $serviceManager->get('authorization'));
$moduleRouteListener = new MvcRouteListener($mvcAuthEvent, $eventManager, $serviceManager->get('authentication'));
$moduleRouteListener->attach($eventManager);

everything is working again.
Was it intended to change it manually, so that you could use your own AuthListener or was it removed for ZF3 purpose?

I'm curious why nobody else was running into this...
And if it's not a bug, is it a valid approach to use the MvcAuthEvent like this?

---

Originally posted by @disasterdrop at zfcampus/zf-apigility-skeleton#127

[weierophinney]

same problem here i updated 23/07

how u use $serviceManager

---

Originally posted by @Iraecio at zfcampus/zf-apigility-skeleton#127 (comment)

[weierophinney]

@Iraecio
You can access the Service Manager over the MvcEvent with:
$serviceManager = $e->getApplication()->getServiceManager();

---

Originally posted by @disasterdrop at zfcampus/zf-apigility-skeleton#127 (comment)