Security

Edit this page

Warning: You are browsing the documentation for Symfony 2.5, which is no longer maintained.

Read the updated version of this page for Symfony 7.0 (the current stable version).

Security

How to Build a Traditional Login Form
- Redirecting after Success
- Avoid common Pitfalls
How to Load Security Users from the Database (the Entity Provider)
- Introduction
- The Data Model
- Authenticating Someone against a Database
- Forbid inactive Users
- Authenticating Someone with a Custom Entity Provider
- Managing Roles in the Database
- Understanding serialize and how a User is Saved in the Session
How to Add "Remember Me" Login Functionality
- Forcing the User to Re-authenticate before Accessing certain Resources
How to Impersonate a User
How to Implement your own Voter to Blacklist IP Addresses
- The Voter Interface
- Creating a custom Voter
- Declaring the Voter as a Service
- Changing the Access Decision Strategy
How to Use Voters to Check User Permissions
- How Symfony Uses Voters
- The Voter Interface
- Creating the custom Voter
- Declaring the Voter as a Service
- How to Use the Voter in a Controller
How to Use Access Control Lists (ACLs)
- Bootstrapping
- Getting Started
- Cumulative Permissions
How to Use advanced ACL Concepts
- Design Concepts
- Database Table Structure
- Scope of Access Control Entries
- Pre-Authorization Decisions
- Post Authorization Decisions
- Process for Reaching Authorization Decisions
How to Force HTTPS or HTTP for different URLs
How to Restrict Firewalls to a Specific Request
- Restricting by Pattern
- Restricting by Host
- Restricting by HTTP Methods
How to Restrict Firewalls to a Specific Host
How to Customize your Form Login
- Form Login Configuration Reference
- Redirecting after Success
How to Secure any Service or Method in your Application
- Securing Methods Using Annotations
How to Create a custom User Provider
- Create a User Class
- Create a User Provider
- Create a Service for the User Provider
- Modify security.yml
How to Create a Custom Form Password Authenticator
- The Password Authenticator
- How it Works
- Configuration
How to Authenticate Users with API Keys
- The API Key Authenticator
- Handling Authentication Failure
- Configuration
- Storing Authentication in the Session
- Only Authenticating for Certain URLs
How to Create a custom Authentication Provider
- Meet WSSE
- The Token
- The Listener
- The Authentication Provider
- The Factory
- Configuration
- A little Extra
Using pre Authenticated Security Firewalls
- X.509 Client Certificate Authentication
How to Change the default Target Path Behavior
Using CSRF Protection in the Login Form
- Configuring CSRF Protection
- Rendering the CSRF field
How to Choose the Password Encoder Algorithm Dynamically
How Does the Security access_control Work?
- 1. Matching Options
- 2. Access Enforcement
- Matching access_control By IP
- Forcing a Channel (http, https)
How to Use multiple User Providers

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.

Security

Security

What is Symfony?

Learn Symfony

Screencasts

Community

Blog

Services

Deployed on