Chapter 4. Security
Security is a very broad topic; in general, it means restricting access to resources depending on who tries to access them. This chapter does not go into the theory. Instead, it takes a hands-on approach to customizing the security layer of Symfony to meet your needs.
Security is usually split into two parts:
Authentication: This identifies who is trying to access our app and is a prerequisite to authorization.
Authorization: This decides whether a user has the right to access specific parts of the app/data.
In other words, authentication answers the question "Who are you?" (Luke Skywalker) and authorization decides what you are allowed to do (for example, Use the Force: yes; Pilot the Death Star: no).
We'll first go through both topics in order, and then see a practical application of these techniques to protect an API against CSRF attacks.