====== Symfony YAML Configuration Reference ======
=====The security.yml configuration file=====
In this article we assume that you are familiar with [[http://www.symfony-project.org/reference/1_4/en/02-YAML|The YAML Format]] and [[http://www.symfony-project.org/reference/1_4/en/03-Configuration-Files-Principles|Configuration File Principles]].
The security.yml configuration file describes the authentication and authorization rules for a symfony application.
action_name:
is_secure:
credentials: user_credentials
=====Security configuration options=====
====action_name====
If //security.yml// is in the //config/// directory of the module, then //action_name// key can specify one of the following:
* The action name without the //execute// prefix to determine if an action is secured or not;
* The //'All'// keyword for whole module.
If //security.yml// is in the application //config/// directory which describes the security settings for the whole application, //action_name// key must be set to //'default'//. Eg.:
default:
is_secure: false
====action_name > is_secure====
By setting this key to //true//, the entire application/module/action will require authentication for all users.
Possible values: ////
Default: //false//
====action_name > credentials====
Defines user credentials. A credential is a string that can represent anything you need to describe the application security model (like groups or permissions). When credentials are defined, a user must have the required credentials to access the application, module or action.
If you need to describe complex credential requirements, you can enter Boolean expression by using the notation array.
For example, if a user must have the credential A and the credential B, wrap the them with square brackets:
index:
credentials: [A, B]
If a user must have credential the A or the credential B, wrap them with two pairs of square brackets:
index:
credentials: [[A, B]]
You can also mix and match brackets to describe any kind of Boolean expression with any number of credentials.