Commit 78e07b9

mickaelandrieu authored and weaverryan committed
Documentation should refer to @Security and not @secure
1 parent 1c927a6, commit 78e07b9

1 file changed: +66 -0 lines changed
‎book/security.rst‎

Lines changed: 66 additions & 0 deletions
@@ -1062,6 +1062,72 @@ the user will be redirected to ``https``:
10621062
),
10631063
),
10641064
1065+
.. _book-security-securing-controller:
1066+
1067+
Securing a Controller
1068+
~~~~~~~~~~~~~~~~~~~~~
1069+
1070+
Protecting your application based on URL patterns is easy, but may not be
1071+
fine-grained enough in certain cases. When necessary, you can easily force
1072+
authorization from inside a controller::
1073+
1074+
// ...
1075+
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
1076+
1077+
public function helloAction($name)
1078+
{
1079+
if (false === $this->get('security.context')->isGranted('ROLE_ADMIN')) {
1080+
throw new AccessDeniedException();
1081+
}
1082+
1083+
// ...
1084+
}
1085+
1086+
.. _book-security-securing-controller-annotations:
1087+
1088+
Thanks to the FrameworkExtraBundle, you can also secure your controller using annotations::
1089+
1090+
// ...
1091+
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
1092+
1093+
/**
1094+
* @Security("has_role('ROLE_ADMIN')")
1095+
*/
1096+
public function helloAction($name)
1097+
{
1098+
// ...
1099+
}
1100+
1101+
For more information, see the `SensioFrameworkExtraBundle`_ documentation.
1102+
1103+
Securing other Services
1104+
~~~~~~~~~~~~~~~~~~~~~~~
1105+
1106+
In fact, anything in Symfony can be protected using a strategy similar to
1107+
the one seen in the previous section. For example, suppose you have a service
1108+
(i.e. a PHP class) whose job is to send emails from one user to another.
1109+
You can restrict use of this class - no matter where it's being used from -
1110+
to users that have a specific role.
1111+
1112+
For more information on how you can use the Security component to secure
1113+
different services and methods in your application, see:doc:`/cookbook/security/securing_services`.
1114+
1115+
Access Control Lists (ACLs): Securing Individual Database Objects
1116+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1117+
1118+
Imagine you are designing a blog system where your users can comment on your
1119+
posts. Now, you want a user to be able to edit their own comments, but not
1120+
those of other users. Also, as the admin user, you yourself want to be able
1121+
to edit *all* comments.
1122+
1123+
The Security component comes with an optional access control list (ACL) system
1124+
that you can use when you need to control access to individual instances
1125+
of an object in your system. *Without* ACL, you can secure your system so that
1126+
only certain users can edit blog comments in general. But *with* ACL, you
1127+
can restrict or allow access on a comment-by-comment basis.
1128+
1129+
For more information, see the cookbook article::doc:`/cookbook/security/acl`.
1130+
10651131
Users
10661132
-----
10671133
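
Review bot: the `.. _book-security-securing-controller-annotations:` label is placed in front of an ordinary paragraph rather than a section title, so Sphinx has no caption for it and any `:ref:` that targets it must supply explicit link text; either give the annotation example its own subsection heading or drop the label if nothing links to it. The sentence that introduces that example ("Thanks to the FrameworkExtraBundle, you can also secure your controller using annotations::") also runs well past the wrap width used by the surrounding paragraphs. Separately, the commit is titled as a change of annotation name, but the hunk is 66 additions and no deletions, including the `_book-security-securing-controller` label and three full sections, so it is worth confirming that the same sections and labels do not already exist elsewhere in `book/security.rst`, where they would produce duplicate-label warnings, and that the `SensioFrameworkExtraBundle`_ link target is defined in the file, since this hunk does not add it.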
