symfony
diff --git a/‎_build/redirection_map
+8 b/‎_build/redirection_map
+8
diff --git a/‎_images/security/http_basic_popup.png
-38.6 KB b/‎_images/security/http_basic_popup.png
-38.6 KB
diff --git a/‎_images/security/symfony_loggedin_wdt.png
61 KB b/‎_images/security/symfony_loggedin_wdt.png
61 KB
diff --git a/‎best_practices/security.rst
-20 b/‎best_practices/security.rst
-20
diff --git a/‎controller/error_pages.rst
+7 b/‎controller/error_pages.rst
+7
diff --git a/‎doctrine.rst
+50-2 b/‎doctrine.rst
+50-2
diff --git a/‎doctrine/registration_form.rst
+8-7 b/‎doctrine/registration_form.rst
+8-7
diff --git a/‎reference/configuration/security.rst
+1-2 b/‎reference/configuration/security.rst
+1-2
diff --git a/‎reference/configuration/web_profiler.rst
+2 b/‎reference/configuration/web_profiler.rst
+2
@@ -390,3 +390,11 @@
 /quick_tour/the_view /quick_tour/flex_recipes
 /service_container/service_locators /service_container/service_subscribers_locators
 /templating/overriding /bundles/override
+/security/custom_provider /security/user_provider
+/security/multiple_user_providers /security/user_provider
+/security/custom_password_authenticator /security/guard_authentication
+/security/api_key_authentication /security/api_key_authentication
+/security/pre_authenticated /security/auth_providers
+/security/host_restriction /security/firewall_restriction
+/security/acl_advanced /security/acl
+/security/password_encoding /security
@@ -376,26 +376,6 @@ via the even easier shortcut in a controller::
         // ...
     }
 
-Learn More
-----------
-
-The `FOSUserBundle`_, developed by the Symfony community, adds support for a
-database-backed user system in Symfony. It also handles common tasks like
-user registration and forgotten password functionality.
-
-Enable the :doc:`Remember Me feature </security/remember_me>` to
-allow your users to stay logged in for a long period of time.
-
-When providing customer support, sometimes it's necessary to access the application
-as some *other* user so that you can reproduce the problem. Symfony provides
-the ability to :doc:`impersonate users </security/impersonating_user>`.
-
-If your company uses a user login method not supported by Symfony, you can
-develop :doc:`your own user provider </security/custom_provider>` and
-:doc:`your own authentication provider </security/custom_authentication_provider>`.
-
-----
-
 Next: :doc:`/best_practices/web-assets`
 
 .. _`ParamConverter`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/converters.html
 
@@ -122,6 +122,13 @@ store the HTTP status code and message respectively.
     for the standard HTML exception page or ``exception.json.twig`` for the JSON
     exception page.
 
+Security & 404 Pages
+--------------------
+
+Due to the order of how routing and security are loaded, security information will
+*not* be available on your 404 pages. This means that it will appear as if you're
+user is logged out on the 404 page (it will work while testing, but not on production).
+
 .. _testing-error-pages:
 
 Testing Error Pages during Development
 
@@ -228,6 +228,8 @@ This command executes all migration files that have not already been run against
 your database. You should run this command on production when you deploy to keep
 your production database up-to-date.
 
+.. _doctrine-add-more-fields:
+
 Migrations & Adding more Fields
 -------------------------------
 
@@ -715,12 +717,58 @@ relationships.
 
 For info, see :doc:`/doctrine/associations`.
 
+.. _doctrine-fixtures:
+
 Dummy Data Fixtures
 -------------------
 
 Doctrine provides a library that allows you to programmatically load testing
-data into your project (i.e. "fixture data"). For information, see
-the "`DoctrineFixturesBundle`_" documentation.
+data into your project (i.e. "fixture data"). Install it with:
+
+.. code-block:: terminal
+
+    $ composer require doctrine/doctrine-fixtures-bundle --dev
+
+Then, use the ``make:fixtures`` command to generate an empty fixture class:
+
+.. code-block:: terminal
+
+    $ php bin/console make:fixtures
+
+    The class name of the fixtures to create (e.g. AppFixtures):
+    > ProductFixture
+
+Customize the new class to load ``Product`` objects into Doctrine::
+
+    // src/DataFixtures/ProductFixture.php
+    namespace App\DataFixtures;
+
+    use Doctrine\Bundle\FixturesBundle\Fixture;
+    use Doctrine\Common\Persistence\ObjectManager;
+
+    class ProductFixture extends Fixture
+    {
+        public function load(ObjectManager $manager)
+        {
+            $product = new Product();
+            $product->setName('Priceless widget!');
+            $product->setPrice(14.50);
+            $product->setDescription('Ok, I guess it *does* have a price');
+            $manager->persist($product);
+
+            // add more products
+
+            $manager->flush();
+        }
+    }
+
+Empty the database and reload *all* the fixture classes with:
+
+.. code-block:: terminal
+
+    $ php bin/console doctrine:fixtures:load
+
+For information, see the "`DoctrineFixturesBundle`_" documentation.
 
 Learn more
 ----------
 
@@ -16,13 +16,8 @@ First, make sure you have all the dependencies you need installed:
 
     $ composer require symfony/orm-pack symfony/form symfony/security-bundle symfony/validator
 
-.. tip::
-
-    The popular `FOSUserBundle`_ provides a registration form, reset password
-    form and other user management functionality.
-
 If you don't already have a ``User`` entity and a working login system,
-first start with :doc:`/security/entity_provider`.
+first start by following :doc:`/security`.
 
 Your ``User`` entity will probably at least have the following fields:
 
@@ -166,7 +161,7 @@ With some validation added, your class may look something like this::
 The :class:`Symfony\\Component\\Security\\Core\\User\\UserInterface` requires
 a few other methods and your ``security.yaml`` file needs to be configured
 properly to work with the ``User`` entity. For a more complete example, see
-the :ref:`Entity Provider <security-crete-user-entity>` article.
+the :doc:`Security Guide </security>`.
 
 .. _registration-password-max:
 
@@ -420,6 +415,12 @@ To do this, add a ``termsAccepted`` field to your form, but set its
 The :ref:`constraints <form-option-constraints>` option is also used, which allows
 us to add validation, even though there is no ``termsAccepted`` property on ``User``.
 
+Manually Authenticating after Success
+-------------------------------------
+
+If you're using Guard authentication, you can :ref:`automatically authenticate<guard-manual-auth>`
+after registration is successful.
+
 .. _`CVE-2013-5750`: https://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form
 .. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
 .. _`bcrypt`: https://en.wikipedia.org/wiki/Bcrypt
@@ -48,8 +48,7 @@ is set to ``true``) when they try to access a protected resource but isn't
 fully authenticated.
 
 This path **must** be accessible by a normal, un-authenticated user, else
-you may create a redirect loop. For details, see
-":ref:`Avoid Common Pitfalls <security-common-pitfalls>`".
+you may create a redirect loop.
 
 check_path
 ..........
 
@@ -45,6 +45,8 @@ It enables and disables the toolbar entirely. Usually you set this to ``true``
 in the ``dev`` and ``test`` environments and to ``false`` in the ``prod``
 environment.
 
+.. _intercept_redirects:
+
 intercept_redirects
 ~~~~~~~~~~~~~~~~~~~