symfony/security-core 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|
| psr/container | 2.0.2 | 3.55 kB | MIT | prod dev | |
| symfony/event-dispatcher-contracts | v3.5.0 | - | MIT | prod | |
| symfony/password-hasher | v7.0.7 | - | MIT | prod | |
| symfony/service-contracts | v3.5.0 | - | MIT | prod |
The Symfony Security Component - Core Library, also known as symfony/security-core, provides an infrastructure for creating sophisticated authorization systems. It is a powerful tool which allows the easy separation of user providers that hold user credentials from the actual authorization logic, enhancing security and the manageability of the user roles and authorities within an application.
To use symfony/security-core in your application, you first need to install it using composer by running $ composer require symfony/security-core in your terminal. Once installed, you can use various classes, such as AuthenticationTrustResolver, AccessDecisionManager, RoleVoter, RoleHierarchyVoter, and others for managing user roles and decisions about user authorizations. For instance, you can check if the authenticated user has the 'ROLE_ADMIN' using the AccessDecisionManager and throw an AccessDeniedException if they don't. Here is a code snippet:
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
$accessDecisionManager = new AccessDecisionManager([
new AuthenticatedVoter(new AuthenticationTrustResolver()),
new RoleVoter(),
new RoleHierarchyVoter(new RoleHierarchy([
'ROLE_ADMIN' => ['ROLE_USER'],
]))
]);
$user = new \App\Entity\User(...);
$token = new UsernamePasswordToken($user, 'main', $user->getRoles());
if (!$accessDecisionManager->decide($token, ['ROLE_ADMIN'])) {
throw new AccessDeniedException();
}
Replace new \App\Entity\User(...); with the actual user entity in your application, and replace 'main' with the appropriate firewall name.
For additional and detailed information on using symfony/security-core, the comprehensive documentation can be accessed at Symfony Documentation. Further contributions and issues can be reported at the main Symfony repository on GitHub. Sound knowledge of this library can be instrumental in building applications with scalable and secure authorization systems.
