我的书签
添加书签
移除书签The Security Component
The Security component provides a complete security system for your webapplication. It ships with facilities for authenticating using HTTP basicauthentication, interactive form login or X.509 certificate login, but alsoallows you to implement your own authentication strategies. Furthermore, thecomponent provides ways to authorize authenticated users based on theirroles.
Installation
- $ composer require symfony/security
Note
If you install this component outside of a Symfony application, you mustrequire the vendor/autoload.php file in your code to enable the classautoloading mechanism provided by Composer. Readthis article for more details.
The Security component is divided into several smaller sub-components which canbe used separately:
symfony/security-core- It provides all the common security features, from authentication toauthorization and from encoding passwords to loading users.
symfony/security-http- It integrates the core sub-component with the HTTP protocol to handle HTTPrequests and responses.
symfony/security-csrf- It provides protection against CSRF attacks.
symfony/security-guard- It brings many layers of authentication together, allowing the creationof complex authentication systems.
This article explains how to use the Security features as an independentcomponent in any PHP application. Read the Security article to learnabout how to use it in Symfony applications.
Learn More
- Authentication
- Authorization
- The Firewall and Authorization
- Securely Generating Random Values
- Security
- How Does the Security access_control Work?
- How to Create a Custom Access Denied Handler
- How to Use Access Control Lists (ACLs)
- Built-in Authentication Providers
- How to Implement CSRF Protection
- How to Create a custom Authentication Provider
- Security: Complex Access Controls with Expressions
- How to Restrict Firewalls to a Request
- How to Force HTTPS or HTTP for different URLs
- Using the form_login Authentication Provider
- How to Build a Login Form
- Custom Authentication System with Guard (API Token Example)
- How to Impersonate a User
- How to Build a JSON Authentication Endpoint
- Authenticating against an LDAP server
- How to Use Multiple Guard Authenticators
- How to Use A Different Password Encoder Algorithm Per User
- How to Add "Remember Me" Login Functionality
- How to Secure any Service or Method in your Application
- How to Create and Enable Custom User Checkers
- Security User Providers
- How to Use Voters to Check User Permissions
- Security Configuration Reference (SecurityBundle)
- UserPassword
