.. _book-security-securing-controller:

Securing a Controller

Protecting your application based on URL patterns is easy, but may not be

fine-grained enough in certain cases. When necessary, you can easily force

authorization from inside a controller::

.. _book-security-securing-controller-annotations:

Thanks to the FrameworkExtraBundle, you can also secure your controller using annotations::

For more information, see the `SensioFrameworkExtraBundle`_ documentation.

Securing other Services

In fact, anything in Symfony can be protected using a strategy similar to

the one seen in the previous section. For example, suppose you have a service

(i.e. a PHP class) whose job is to send emails from one user to another.

You can restrict use of this class - no matter where it's being used from -

to users that have a specific role.

For more information on how you can use the Security component to secure

different services and methods in your application, see :doc:`/cookbook/security/securing_services`.

Access Control Lists (ACLs): Securing Individual Database Objects

Imagine you are designing a blog system where your users can comment on your

posts. Now, you want a user to be able to edit their own comments, but not

those of other users. Also, as the admin user, you yourself want to be able

to edit *all* comments.

The Security component comes with an optional access control list (ACL) system

that you can use when you need to control access to individual instances

of an object in your system. *Without* ACL, you can secure your system so that

only certain users can edit blog comments in general. But *with* ACL, you

can restrict or allow access on a comment-by-comment basis.

For more information, see the cookbook article: :doc:`/cookbook/security/acl`.