Symfony provides many tools to secure your application. Some HTTP-related security tools, like secure session cookies and CSRF protection are provided by default. The SecurityBundle, which you will learn about in this guide, provides all authentication and authorization features needed to secure your application.
That's a lot of config! In the next sections, the three main elements are discussed:
The User (providers)
Any secured section of your application needs some concept of a user. The user provider loads users from any storage (e.g. the database) based on a "user identifier" (e.g. the user's email address);
The Firewall & Authenticating Users (firewalls)
The firewall is the core of securing your application. Every request within the firewall is checked if it needs an authenticated user. The firewall also takes care of authenticating this user (e.g. using a login form);
Access Control (Authorization) (access_control)
Using access control and the authorization checker, you control the required permissions to perform a specific action or visit a specific URL.