diff --git a/security.rst b/security.rst
index afdc6db23c4..5d0ac15e137 100644
--- a/security.rst
+++ b/security.rst
@@ -2119,6 +2119,12 @@ would match ``/admin/foo`` but would also match URLs like ``/foo/admin``.
Each ``access_control`` can also match on IP address, hostname and HTTP methods.
It can also be used to redirect a user to the ``https`` version of a URL pattern.
+
+.. versionadded:: 6.1
+
+ Since Symfony 6.1, an access control rule can also be directly configured by passing a service
+ implementing `RequestMatcherInterface` through the `request_matcher` option.
+
See :doc:`/security/access_control`.
.. _security-securing-controller:
diff --git a/security/access_control.rst b/security/access_control.rst
index a19faee19ba..c23212bed8c 100644
--- a/security/access_control.rst
+++ b/security/access_control.rst
@@ -52,6 +52,9 @@ Take the following ``access_control`` entries as an example:
- { path: '^/admin', roles: ROLE_USER_IP, ips: '%env(TRUSTED_IPS)%' }
- { path: '^/admin', roles: ROLE_USER_IP, ips: [127.0.0.1, ::1, '%env(TRUSTED_IPS)%'] }
+ # Request matchers can be used to define access control rules
+ - { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
+
.. code-block:: xml
@@ -82,6 +85,9 @@ Take the following ``access_control`` entries as an example:
::1
%env(TRUSTED_IPS)%
+
+
+
@@ -127,8 +133,18 @@ Take the following ``access_control`` entries as an example:
->roles(['ROLE_USER_IP'])
->ips(['127.0.0.1', '::1', '%env(TRUSTED_IPS)%'])
;
+
+ // Request matchers can be used to define access control rules
+ $security->accessControl()
+ ->roles(['ROLE_USER'])
+ ->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
+ ;
};
+.. versionadded:: 6.1
+
+ Support for access control rule definition based on a RequestMatcher was introduced in Symfony 6.1.
+
For each incoming request, Symfony will decide which ``access_control``
to use based on the URI, the client's IP address, the incoming host name,
and the request method. Remember, the first rule that matches is used, and