Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message

Security Laravel Package

symfony/security

Symfony Security provides authentication, authorization, password hashing, firewalls, voters, and user providers for PHP apps. Supports modern security standards, multiple guards, access control rules, CSRF protection, and seamless integration with the Symfony ecosystem.

View on GitHub
Deep Wiki
Context7

Provides a complete security system for your web application

Frequently asked questions about Security
Can I use Symfony/Security in Laravel without adopting the full Symfony framework?
Yes, you can integrate Symfony/Security as a standalone package in Laravel. It works alongside Laravel’s existing auth system, but you’ll need to map Symfony’s components (like `Security` container) to Laravel’s middleware and service container. Avoid conflicts by isolating namespaces and using Laravel’s service provider bindings.
What Laravel versions officially support Symfony/Security (symfony/security)?
Symfony/Security is compatible with Laravel 9 and 10, but you may need to manually resolve dependency conflicts (e.g., Symfony 5.4/6.0). Test thoroughly, as Laravel 10+ may introduce breaking changes with Symfony’s newer versions. Use `composer require symfony/security:^5.4` or `^6.0` explicitly.
How do I replace Laravel’s auth middleware with Symfony’s Firewall?
Replace Laravel’s `Authenticate` middleware with Symfony’s `Firewall` by binding it in Laravel’s `app/Http/Kernel.php`. Use Symfony’s `AccessDeniedException` and map it to Laravel’s `UnauthorizedHttpException` in a global exception handler. Example: `throw new UnauthorizedHttpException('Access denied.', $e);`.
Does Symfony/Security support OAuth2/OIDC for Laravel apps?
Yes, Symfony/Security integrates with the `symfony/security-http` and `symfony/security-oauth` bundles for OAuth2/OIDC. For Laravel, pair it with `league/oauth2-server` or `symfony/security-bundle` (if using Symfony’s full stack). This is more mature than Laravel’s Socialite for enterprise-grade OAuth workflows.
Will Symfony/Security’s CSRF protection work with Laravel’s built-in CSRF middleware?
No, Symfony/Security’s CSRF protection replaces Laravel’s. If you mix them, conflicts may arise (e.g., token validation failures). Use Symfony’s `CsrfTokenManager` and `csrf_token` Twig function, or disable Laravel’s CSRF middleware entirely. Test thoroughly in complex forms (e.g., multi-step workflows).
How do I implement Role-Based Access Control (RBAC) with Symfony/Security in Laravel?
Use Symfony’s `Voter` interface to create custom access rules (e.g., `RoleVoter`). Bind voters to Laravel’s service container and attach them to Symfony’s `AccessControlList`. Example: `$acl->addUserRole('ROLE_ADMIN', 'admin_panel');`. For hierarchical roles, extend `RoleHierarchyVoter`.
Are there performance concerns using Symfony/Security in Laravel?
Symfony/Security adds overhead for session management and authentication checks compared to Laravel’s optimized `auth()` helper. Benchmark critical paths (e.g., login flows) and consider caching Symfony’s `Security` container or using Laravel’s session driver for hybrid setups.
Can I migrate from Laravel’s auth to Symfony/Security incrementally?
Yes, start by isolating Symfony/Security to non-critical features (e.g., admin panels). Gradually replace Laravel’s `AuthenticatesUsers` trait with Symfony’s `AuthenticatorInterface`. Use Laravel’s service provider to merge both auth systems temporarily, but plan to deprecate Laravel’s auth helpers in later phases.
What alternatives exist if Symfony/Security’s archived status is a concern?
For Laravel, consider `spatie/laravel-permission` (RBAC), `laravel/sanctum` (API auth), or `oauth2-server-laravel` (OAuth2). If you need Symfony’s ecosystem, use `symfony/security-bundle` with Laravel via a hybrid setup, but expect higher maintenance. Avoid this package for greenfield projects.
How do I handle password hashing with Symfony/Security in Laravel?
Symfony/Security uses its own `PasswordHasherInterface` (e.g., `BcryptPasswordHasher`). Replace Laravel’s `Hash::make()` with Symfony’s `passwordHasher->hashPassword()`. For existing users, migrate hashes using Symfony’s `PasswordUpgrader`. Avoid mixing Laravel’s `Hash` and Symfony’s hasher to prevent validation errors.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
yandex/translate-api
voku/simple_html_dom
league/flysystem-vfs
bkwld/upchuck
filament/spatie-laravel-tags-plugin
capell-app/block-library
axium/identity
cetria/laravel-dummy-models
cetria/reflection-helper
agropredict/sso-auth-bundle
evolvestudio/spam-protection
datacore/hub-sdk
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
agtp/agtp-php