In "Securing a Controller" part of the Security documentation, it writes

If you're using Symfony's Standard Distribution, this bundle is available by default.

When it is no longer true in sf2.3, hm...

btw, can we secure a controller with annotation now in sf2.3?