First off, I'm not using FOSUserBundle and I can't because I'm porting a legacy system which has its own Model layer (no Doctrine/Mongo/whatsoever here) and other very cu
Sorry, I can't reply in a comment so I reply to the question. If someone new to Symfony security tries to get role refresh to work in a custom password authenticator, then inside the function authenticateToken:
    // $user is the user just loaded from the user provider earlier in authenticateToken().
    // A token that already carries roles is an already-authenticated token being
    // re-authenticated (role refresh), not a fresh login, so there is no password to check.
    if (count($token->getRoles()) > 0) {
        // Accept it only if the token belongs to the user the provider just loaded.
        if ($token->getUser() == $user) {
            $passwordValid = true;
        }
    }
And do not check for passwords from the DB/LDAP or anywhere else in that case. When the user first comes into the system, $token contains just the username and has no roles.
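For readers who want to see the two branches in context, here is a complete `authenticateToken()` as an added example; it is not code from the question or the answer above. It assumes the Symfony 2.8/3.x `SimpleFormAuthenticatorInterface` from the custom form password authenticator cookbook, an injected `UserPasswordEncoderInterface`, and a hypothetical class name `LegacyFormAuthenticator`. It differs from the snippet in the answer in one deliberate way: the refresh branch compares usernames with `===` rather than comparing objects loosely with `==`, and the no-roles branch always validates the submitted password before a token with roles is issued.

```php
<?php
// Added example (not from the original question or answer): a complete
// authenticateToken() for a SimpleFormAuthenticatorInterface authenticator.
// Namespace and class name are assumptions for illustration.

namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface;

class LegacyFormAuthenticator implements SimpleFormAuthenticatorInterface
{
    private $encoder;

    public function __construct(UserPasswordEncoderInterface $encoder)
    {
        $this->encoder = $encoder;
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        try {
            // Load the user from the legacy store via the configured user provider.
            $user = $userProvider->loadUserByUsername($token->getUsername());
        } catch (UsernameNotFoundException $e) {
            // Same message for unknown user and wrong password: no username enumeration.
            throw new AuthenticationException('Invalid username or password');
        }

        if (count($token->getRoles()) > 0) {
            // Role-refresh case: the token was already authenticated, so the plain
            // password is gone. Verify identity instead of credentials: the token's
            // user must be the same account the provider just loaded.
            $tokenUser = $token->getUser();
            $tokenUsername = $tokenUser instanceof UserInterface
                ? $tokenUser->getUsername()
                : (string) $tokenUser;
            if ($tokenUsername !== $user->getUsername()) {
                throw new AuthenticationException('Token does not match the loaded user');
            }
        } elseif (!$this->encoder->isPasswordValid($user, $token->getCredentials())) {
            // Initial login: the token carries only username + submitted password,
            // so the password must be checked against the stored hash.
            throw new AuthenticationException('Invalid username or password');
        }

        // Rebuild the token with the freshly loaded user and its current roles, so
        // role changes made in the legacy user store take effect on refresh.
        return new UsernamePasswordToken($user, $user->getPassword(), $providerKey, $user->getRoles());
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof UsernamePasswordToken
            && $token->getProviderKey() === $providerKey;
    }

    public function createToken(Request $request, $username, $password, $providerKey)
    {
        // Unauthenticated token: no roles yet, credentials = submitted password.
        return new UsernamePasswordToken($username, $password, $providerKey);
    }
}
```

The important property is that the password check is skipped only when the token already carries roles, i.e. it has passed through this method once before; a brand-new token from `createToken()` never has roles, so it always reaches the `isPasswordValid()` branch. Comparing usernames rather than whole objects avoids a loose `==` match between two distinct objects that happen to have equal properties.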