In this article we assume that you are familiar with The YAML Format and Configuration File Principles.
The security.yml configuration file describes the authentication and authorization rules for a symfony application.
    action_name:
      is_secure: <true | false>
      credentials: user_credentials
Security configuration options
action_name
If security.yml is in the config/ directory of a module, the action_name key can specify one of the following:
- The action name without the execute prefix, to determine whether that action is secured or not;
- The 'All' keyword, for the whole module.
If security.yml is in the application config/ directory, where it describes the security settings for the whole application, the action_name key must be set to 'default'. For example:

    default:
      is_secure: false
action_name > is_secure
By setting this key to true, the entire application/module/action will require authentication for all users.
- Possible values: <true | false>
- Default: false
action_name > credentials
Defines user credentials. A credential is a string that can represent anything you need to describe the application security model (like groups or permissions). When credentials are defined, a user must have the required credentials to access the application, module or action.
If you need to describe complex credential requirements, you can enter a Boolean expression using array notation.
For example, if a user must have the credential A and the credential B, wrap them in square brackets:

    index:
      credentials: [A, B]

If a user must have the credential A or the credential B, wrap them in two pairs of square brackets:

    index:
      credentials: [[A, B]]
You can also mix and match brackets to describe any kind of Boolean expression with any number of credentials.
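
The following sketch, added here as an example and not taken from symfony's own code, evaluates nested credential arrays against the credentials a user holds, so you can check what a mixed expression actually permits before deploying it. It goes beyond the two forms above by assuming that each level of bracket nesting switches between AND and OR, starting with AND at the outermost level; the function name satisfies() and the sample rules and users are hypothetical.

```php
<?php
// Added illustration, not symfony's own code. Assumption: each level of
// bracket nesting flips the operator, starting with AND at the outer level.

/**
 * @param string|array $required credentials value parsed from security.yml
 * @param string[]     $held     credentials the user holds
 * @param bool         $useAnd   operator applied at this nesting level
 */
function satisfies($required, array $held, bool $useAnd = true): bool
{
    if (!is_array($required)) {
        return in_array($required, $held, true);
    }
    foreach ($required as $item) {
        $ok = satisfies($item, $held, !$useAnd);
        if ($useAnd && !$ok) {
            return false;   // AND: one missing requirement denies access
        }
        if (!$useAnd && $ok) {
            return true;    // OR: one satisfied alternative is enough
        }
    }
    return $useAnd;         // AND: nothing failed; OR: nothing matched
}

// Constructed sample rules, written as the parsed credentials value.
$rules = [
    '[A, B]'        => ['A', 'B'],          // A AND B
    '[[A, B]]'      => [['A', 'B']],        // A OR B
    '[A, [B, C]]'   => ['A', ['B', 'C']],   // A AND (B OR C)
    '[[A, [B, C]]]' => [['A', ['B', 'C']]], // A OR (B AND C)
];
// Constructed sample users and the credentials they hold.
$users = ['alice' => ['A'], 'bob' => ['B', 'C'], 'carol' => ['A', 'C']];

foreach ($rules as $label => $rule) {
    foreach ($users as $name => $held) {
        printf("%-14s %-6s %s\n", $label, $name,
            satisfies($rule, $held) ? 'allow' : 'deny');
    }
}
```

Note that one extra or missing pair of brackets turns an AND into an OR, so a rule meant to require both A and B can silently admit users holding only one of them.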

