awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
symfony avatar

symfony/security-http

0
View on GitHub↗
1,712 星标·23 分支·PHP·MIT·3 次浏览symfony.com/security↗

Security Http

This project provides a comprehensive security framework for PHP applications, designed to manage the entire lifecycle of user authentication and authorization. It functions as a middleware layer that intercepts incoming HTTP requests to enforce security policies, resolve user identities, and maintain persistent sessions across web interactions.

The framework distinguishes itself through a modular, event-driven architecture that integrates directly into the application lifecycle. It supports diverse authentication methods, including standard form-based logins, API bearer tokens, and federated identity integration via OpenID Connect and OAuth. Authorization is handled through a flexible system that combines role-based access control with attribute-driven metadata, allowing developers to define granular permissions and custom logic directly on controller methods.

Beyond core identity management, the library includes protective utilities to mitigate common web vulnerabilities. It provides built-in mechanisms for cross-site request forgery protection, login rate limiting to prevent brute-force attacks, and secure session termination directives. The framework also facilitates automated security auditing by scanning project dependencies for known vulnerabilities.

Features

  • Authentication Frameworks - Serves as a comprehensive PHP framework for managing user authentication, session lifecycles, and access control across web applications.
  • User Authentication Systems - Provides a comprehensive framework for verifying visitor credentials and establishing secure sessions.
  • Bearer Token Authentication - Validates incoming requests by extracting and verifying bearer tokens from headers or request bodies.
  • Route-Based - Configures firewalls to intercept incoming HTTP requests and enforce security policies across specific routes.
  • Role-Based Access Control - Enforces authorization rules based on user roles, supporting hierarchical structures and granular checks.
  • Backend Security Middleware - Functions as a middleware layer that intercepts incoming HTTP requests to enforce security policies and restrict access to application routes.
  • Web Application Security - Implements a comprehensive security framework for web applications, managing authentication, session persistence, and request interception.
  • Firewall Interceptors - Intercepts incoming HTTP traffic at the application entry point to enforce security policies and route requests.
  • Authenticated User Injection - Resolves the currently authenticated user object from the security context and passes it into controller methods.
  • Dependency-Injected Contexts - Simplifies access to authenticated user data by injecting the security context directly into controller methods.
  • Attribute-Based Access Control - Enforces granular authorization rules on controller methods using declarative metadata attributes.
  • Brute Force Protections - Provides built-in rate-limiting mechanisms to throttle login attempts and prevent brute-force attacks on application endpoints.
  • Authentication Rate Limiters - Limits the frequency of login attempts to prevent brute-force attacks against user accounts.
  • Cross-Site Request Forgery Protections - Protects against cross-site request forgery by verifying security tokens provided in headers, query strings, or request bodies.
  • Custom Authorization Logic - Defines complex business logic for access control by creating custom evaluators beyond simple role-based rules.
  • OIDC Identity Integrations - Verifies external identity tokens by checking digital signatures and claims to authenticate users through third-party providers.
  • Password Hashing Utilities - Secures user credentials by hashing passwords before storage and verifying them during login attempts.
  • Session Cookie Authentications - Maintains user authentication across browser sessions by managing secure cookies and user identifiers.
  • Third-Party Identity Integrations - Supports federated identity integration via OpenID Connect and OAuth to authenticate users through external providers.
  • Session Token Persisters - Maintains user sessions by serializing and deserializing security tokens across multiple web requests.
  • User Providers - Abstracts the retrieval of user identity objects from various storage backends.
  • User Identity Management - Loads and refreshes user objects from storage providers to ensure session data remains synchronized.
  • Authentication Event Hooks - Processes authentication through a chain of event-driven listeners during the request lifecycle.

Star 历史

symfony/security-http 的 Star 历史图表symfony/security-http 的 Star 历史图表

AI 搜索

探索更多 awesome 仓库

用简单的语言描述您的需求 —— AI 将根据相关性为您从数千个精选开源项目中进行排序。

Start searching with AI

包含 Security Http 的精选搜索

收录 Security Http 的精选合集。
  • Web security middleware

Security Http 的开源替代方案

相似的开源项目,按与 Security Http 的功能重合度排序。
  • symfony/securitysymfony 的头像

    symfony/security

    1,199在 GitHub 上查看↗

    This project is a comprehensive security framework for PHP applications, providing a modular system for verifying user identities and enforcing access control policies. It functions as a security middleware that decouples authentication and authorization logic from core application code, allowing for centralized management of user sessions, credentials, and resource access. The framework distinguishes itself through a highly decoupled architecture that separates identity verification from storage mechanisms. It utilizes a strategy-based approach to authentication, enabling developers to imple

    PHPcomponentphpsymfony
    在 GitHub 上查看↗1,199
  • quarkusio/quarkusquarkusio 的头像

    quarkusio/quarkus

    15,479在 GitHub 上查看↗

    Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program

    Javacloud-nativehacktoberfestjava
    在 GitHub 上查看↗15,479
  • aarondl/authbossaarondl 的头像

    aarondl/authboss

    4,189在 GitHub 上查看↗

    Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks

    Go
    在 GitHub 上查看↗4,189
  • dodyg/practical-aspnetcoredodyg 的头像

    dodyg/practical-aspnetcore

    10,382在 GitHub 上查看↗

    This project is a comprehensive sample library and implementation guide for ASP.NET Core. It provides a collection of practical examples and projects that demonstrate how to build web applications, RESTful APIs, and high-performance services. The repository focuses on a variety of architectural patterns, including the development of Minimal APIs, contract-first gRPC services, and real-time communication using WebSockets and Server-Sent Events. It includes detailed implementations for user identity and security, such as token-based authentication and CSRF protection. The codebase covers a bro

    C#asp-net-coreaspnet-coreaspnetcore
    在 GitHub 上查看↗10,382
查看 Security Http 的所有 30 个替代方案→

常见问题解答

symfony/security-http 是做什么的?

This project provides a comprehensive security framework for PHP applications, designed to manage the entire lifecycle of user authentication and authorization. It functions as a middleware layer that intercepts incoming HTTP requests to enforce security policies, resolve user identities, and maintain persistent sessions across web interactions.

symfony/security-http 的主要功能有哪些?

symfony/security-http 的主要功能包括:Authentication Frameworks, User Authentication Systems, Bearer Token Authentication, Route-Based, Role-Based Access Control, Backend Security Middleware, Web Application Security, Firewall Interceptors。

symfony/security-http 有哪些开源替代品?

symfony/security-http 的开源替代品包括: symfony/security — This project is a comprehensive security framework for PHP applications, providing a modular system for verifying user… quarkusio/quarkus — Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications.… aarondl/authboss — Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password… dodyg/practical-aspnetcore — This project is a comprehensive sample library and implementation guide for ASP.NET Core. It provides a collection of… codeigniter4/codeigniter4 — CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web… langchain-ai/deepagents — Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing…