Managing the Symfony firewalls and security
Managing Security
Security was a part of the dark side of the symfony documentation, it has a dedicated component named Security Component.
This component is configured in the security.yml file of the main application project.
The default configuration is like this one :
# app/config/security.yml
security:
providers:
in_memory:
memory: ~
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
default:
anonymous: ~
You can define specific Firewalls to restrict access to some URL to specific Roles based on a hierarchy for your Users that are defined by a Provider and Encoders that manage the password security.
For example, if you want to create a custom Provider, from your database engine, you can define you security.yml like this :
providers:
your_db_provider:
entity:
class: AppBundle:User
property: apiKey
This is detailled in the symfony Documentation : How to define a custom UserProvider and from the database or against LDAP for example.
After that, you can defined firewall to restrict some URL based on your custom user provider (security.yml) explicitely like this :
firewalls:
secured_area:
pattern: ^/admin
Or with access control :
access_control:
- { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
- { path: ^/admin, roles: ROLE_ADMIN }
See more detailled documentation here.
The best way to manage user is to use FosUserBundle that extends some framework functionnalities.