Managing the Symfony firewalls and security
Security was a part of the dark side of the symfony documentation, it has a dedicated component named Security Component.
This component is configured in the security.yml file of the main application project.
The default configuration is like this one :
You can define specific Firewalls to restrict access to some URL to specific Roles based on a hierarchy for your Users that are defined by a Provider and Encoders that manage the password security.
For example, if you want to create a custom Provider, from your database engine, you can define you security.yml like this :
After that, you can defined firewall to restrict some URL based on your custom user provider (security.yml) explicitely like this :
Or with access control :
See more detailled documentation here.
The best way to manage user is to use FosUserBundle that extends some framework functionnalities.