Skip to content
  • About
    • What is Symfony?
    • Community
    • News
    • Contributing
    • Support
  • Documentation
    • Symfony Docs
    • Symfony Book
    • Screencasts
    • Symfony Bundles
    • Symfony Cloud
    • Training
  • Services
    • SensioLabs Professional services to help you with Symfony
    • Platform.sh for Symfony Best platform to deploy Symfony apps
    • SymfonyInsight Automatic quality checks for your apps
    • Symfony Certification Prove your knowledge and boost your career
    • Blackfire Profile and monitor performance of your apps
  • Other
  • Blog
  • Download
sponsored by SensioLabs
  1. Home
  2. Documentation
  3. Components
  4. The Security Component
  • Documentation
  • Book
  • Reference
  • Bundles
  • Cloud

Table of Contents

  • Installation
  • Learn More

The Security Component

Edit this page

Warning: You are browsing the documentation for Symfony 4.2, which is no longer maintained.

Read the updated version of this page for Symfony 6.2 (the current stable version).

The Security Component

The Security component provides a complete security system for your web application. It ships with facilities for authenticating using HTTP basic authentication, interactive form login or X.509 certificate login, but also allows you to implement your own authentication strategies. Furthermore, the component provides ways to authorize authenticated users based on their roles.

Installation

1
$ composer require symfony/security

Note

If you install this component outside of a Symfony application, you must require the vendor/autoload.php file in your code to enable the class autoloading mechanism provided by Composer. Read this article for more details.

The Security component is divided into several smaller sub-components which can be used separately:

symfony/security-core
It provides all the common security features, from authentication to authorization and from encoding passwords to loading users.
symfony/security-http
It integrates the core sub-component with the HTTP protocol to handle HTTP requests and responses.
symfony/security-csrf
It provides protection against CSRF attacks.
symfony/security-guard
It brings many layers of authentication together, allowing the creation of complex authentication systems.

See also

This article explains how to use the Security features as an independent component in any PHP application. Read the Security article to learn about how to use it in Symfony applications.

Learn More

  • Authentication
  • Authorization
  • The Firewall and Authorization
  • Securely Generating Random Values
  • Security
  • How Does the Security access_control Work?
  • How to Create a Custom Access Denied Handler
  • How to Use Access Control Lists (ACLs)
  • Built-in Authentication Providers
  • How to Implement CSRF Protection
  • How to Create a custom Authentication Provider
  • Security: Complex Access Controls with Expressions
  • How to Restrict Firewalls to a Request
  • How to Force HTTPS or HTTP for different URLs
  • Using the form_login Authentication Provider
  • How to Build a Login Form
  • Custom Authentication System with Guard (API Token Example)
  • How to Impersonate a User
  • How to Build a JSON Authentication Endpoint
  • Authenticating against an LDAP server
  • How to Use Multiple Guard Authenticators
  • How to Use A Different Password Encoder Algorithm Per User
  • How to Add "Remember Me" Login Functionality
  • How to Secure any Service or Method in your Application
  • How to Create and Enable Custom User Checkers
  • Security User Providers
  • How to Use Voters to Check User Permissions
  • Security Configuration Reference (SecurityBundle)
  • UserPassword
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.
TOC
    Version
    We stand with Ukraine.
    Version:
    Put the code quality back at the heart of your project

    Put the code quality back at the heart of your project

    Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).

    Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).

    Symfony footer

    ↓ Our footer now uses the colors of the Ukrainian flag because Symfony stands with the people of Ukraine.

    Avatar of Bruno Vitorino, a Symfony contributor

    Thanks Bruno Vitorino for being a Symfony contributor

    2 commits • 10 lines changed

    View all contributors that help us make Symfony

    Become a Symfony contributor

    Be an active part of the community and contribute ideas, code and bug fixes. Both experts and newcomers are welcome.

    Learn how to contribute

    Symfony™ is a trademark of Symfony SAS. All rights reserved.

    • What is Symfony?

      • Symfony at a Glance
      • Symfony Components
      • Case Studies
      • Symfony Releases
      • Security Policy
      • Logo & Screenshots
      • Trademark & Licenses
      • symfony1 Legacy
    • Learn Symfony

      • Symfony Docs
      • Symfony Book
      • Reference
      • Bundles
      • Best Practices
      • Training
      • eLearning Platform
      • Certification
    • Screencasts

      • Learn Symfony
      • Learn PHP
      • Learn JavaScript
      • Learn Drupal
      • Learn RESTful APIs
    • Community

      • SymfonyConnect
      • Support
      • How to be Involved
      • Code of Conduct
      • Events & Meetups
      • Projects using Symfony
      • Downloads Stats
      • Contributors
      • Backers
    • Blog

      • Events & Meetups
      • A week of symfony
      • Case studies
      • Cloud
      • Community
      • Conferences
      • Diversity
      • Documentation
      • Living on the edge
      • Releases
      • Security Advisories
      • SymfonyInsight
      • Twig
      • SensioLabs
    • Services

      • SensioLabs services
      • Train developers
      • Manage your project quality
      • Improve your project performance
      • Host Symfony projects

      Deployed on

    Follow Symfony