Once in a while I like diving into code and see how things work under the hood. And as the symfony2 framework consists of many different components, bundles and bridges, there is a lot to discover. But ultimately, the code itself mostly isn’t really as complex as it might seem from the outside world: just like a good magic trick, once unraveled, it all seems very simple and makes sense.
However, this is not true for one of those components: the security component. This black box full of dark magic doesn’t like to give up its secrets, and after some (miserably) failed attempts, I am trying to unravel it once more in a few blog posts. Either we achieve complete victory, or fail yet again.. At this point, I will give both fair odds.
Note that this blogpost are in the first place written for me personally. There may (and probably will) other blogposts be out there detailing the component, but I’d rather discover and share the experiences myself. Assumptions I make, may or may not be valid and might not even make sense, but then again, these posts should be considered as a learning process, not a hard truth (which I will never pretend I will have on anything).