Securing methods allows for the most fine-grained access control that Symfony2
has to offer.
Generally, you can secure all public, or protected methods which are non-static,
and non-final. Private methods cannot be secured. You can also add metadata for
abstract methods, or interfaces which will then be applied to their concrete
The pattern is a case-sensitive regular expression which is matched against two notations.
The first match is being used.
First, your pattern is matched against the notation for non-service controllers.
This obviously is only done if your class is actually a controller, e.g.
AcmeFooBundle:Add:new for a controller named AddController and a method
named newAction in a sub-namespace Controller in a bundle named AcmeFooBundle.
Last, your pattern is matched against the concatenation of the class name, and
the method name that is being called, e.g. My\Fully\Qualified\ClassName::myMethodName.
Note: If you would like to secure non-service controllers, the
JMSDiExtraBundle must be installed.
Note 2: When using a Fully Qualified Class Name, you have to escape backslashes as in the example above.