Symfony
sponsored by SensioLabs
Menu
  • About
  • Documentation
  • Screencasts
  • Cloud
  • Certification
  • Community
  • Businesses
  • News
  • Download
  1. Home
  2. Documentation
  3. Cookbook
  4. Security
  • Documentation
  • Book
  • Reference
  • Bundles
  • Cloud
Search by Algolia

Table of Contents

  • Authentication (Identifying/Logging in the User)
  • Authorization (Denying Access)

Security

Edit this page

Warning: You are browsing the documentation for Symfony 2.6, which is no longer maintained.

Read the updated version of this page for Symfony 6.2 (the current stable version).

Security

Authentication (Identifying/Logging in the User)

  • How to Build a Traditional Login Form
    • Redirecting after Success
    • Avoid Common Pitfalls
  • How to Load Security Users from the Database (the Entity Provider)
    • Introduction
    • 1) Create your User Entity
    • 2) Configure Security to load from your Entity
    • Forbid Inactive Users (AdvancedUserInterface)
    • Using a Custom Query to Load the User
    • Understanding serialize and how a User is Saved in the Session
  • How to Add "Remember Me" Login Functionality
    • Forcing the User to Opt-Out of the Remember Me Feature
    • Forcing the User to Re-Authenticate before Accessing certain Resources
  • How to Impersonate a User
    • Events
  • How to Customize your Form Login
    • Form Login Configuration Reference
    • Redirecting after Success
  • How to Create a custom User Provider
    • Create a User Class
    • Create a User Provider
    • Create a Service for the User Provider
    • Modify security.yml
  • How to Create a Custom Form Password Authenticator
    • The Password Authenticator
    • How it Works
    • Configuration
  • How to Authenticate Users with API Keys
    • The API Key Authenticator
    • Handling Authentication Failure
    • Configuration
    • Storing Authentication in the Session
    • Only Authenticating for Certain URLs
  • How to Create a custom Authentication Provider
    • Meet WSSE
    • The Token
    • The Listener
    • The Authentication Provider
    • The Factory
    • Configuration
    • A little Extra
  • Using pre Authenticated Security Firewalls
    • X.509 Client Certificate Authentication
    • REMOTE_USER Based Authentication
  • How to Change the default Target Path Behavior
  • Using CSRF Protection in the Login Form
    • Configuring CSRF Protection
    • Rendering the CSRF field
  • How to Choose the Password Encoder Algorithm Dynamically
  • How to Use multiple User Providers
  • How to Restrict Firewalls to a Specific Request
    • Restricting by Pattern
    • Restricting by Host
    • Restricting by HTTP Methods
  • How to Restrict Firewalls to a Specific Host

Authorization (Denying Access)

  • How to Use Voters to Check User Permissions
    • How Symfony Uses Voters
    • The Voter Interface
    • Creating the custom Voter
    • Declaring the Voter as a Service
    • How to Use the Voter in a Controller
    • Changing the Access Decision Strategy
  • How to Use Access Control Lists (ACLs)
    • Bootstrapping
    • Getting Started
    • Cumulative Permissions
  • How to Use advanced ACL Concepts
    • Design Concepts
    • Database Table Structure
    • Scope of Access Control Entries
    • Pre-Authorization Decisions
    • Post Authorization Decisions
    • Process for Reaching Authorization Decisions
  • How to Force HTTPS or HTTP for different URLs
  • How to Secure any Service or Method in your Application
    • Securing Methods Using Annotations
  • How Does the Security access_control Work?
    • 1. Matching Options
    • 2. Access Enforcement
    • Matching access_control By IP
    • Forcing a Channel (http, https)
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.
We stand with Ukraine.
Version:
Measure & Improve Symfony Code Performance

Measure & Improve Symfony Code Performance

Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).

Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).

↓ Our footer now uses the colors of the Ukrainian flag because Symfony stands with the people of Ukraine.

Avatar of kurozumi, a Symfony contributor

Thanks kurozumi for being a Symfony contributor

1 commit • 382 lines changed

View all contributors that help us make Symfony

Become a Symfony contributor

Be an active part of the community and contribute ideas, code and bug fixes. Both experts and newcomers are welcome.

Learn how to contribute

Symfony™ is a trademark of Symfony SAS. All rights reserved.

  • What is Symfony?
    • Symfony at a Glance
    • Symfony Components
    • Case Studies
    • Symfony Releases
    • Security Policy
    • Logo & Screenshots
    • Trademark & Licenses
    • symfony1 Legacy
  • Learn Symfony
    • Symfony Docs
    • Symfony Book
    • Reference
    • Bundles
    • Best Practices
    • Training
    • eLearning Platform
    • Certification
  • Screencasts
    • Learn Symfony
    • Learn PHP
    • Learn JavaScript
    • Learn Drupal
    • Learn RESTful APIs
  • Community
    • SymfonyConnect
    • Support
    • How to be Involved
    • Code of Conduct
    • Events & Meetups
    • Projects using Symfony
    • Downloads Stats
    • Contributors
    • Backers
  • Blog
    • Events & Meetups
    • A week of symfony
    • Case studies
    • Cloud
    • Community
    • Conferences
    • Diversity
    • Documentation
    • Living on the edge
    • Releases
    • Security Advisories
    • SymfonyInsight
    • Twig
    • SensioLabs
  • Services
    • SensioLabs services
    • Train developers
    • Manage your project quality
    • Improve your project performance
    • Host Symfony projects
    Deployed on
Follow Symfony
Search by Algolia