PHPackages                             mlukman/security-helper-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. mlukman/security-helper-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

mlukman/security-helper-bundle
==============================

A set of classes to simplify Symfony security

1.3.3(2w ago)075MITPHPPHP &gt;=8.1

Since Oct 15Pushed 2w ago1 watchersCompare

[ Source](https://github.com/MLukman/SecurityHelperBundle)[ Packagist](https://packagist.org/packages/mlukman/security-helper-bundle)[ RSS](/packages/mlukman-security-helper-bundle/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (32)Versions (11)Used By (0)

Security Helper Bundle
======================

[](#security-helper-bundle)

About
-----

[](#about)

Security Helper Bundle is a Symfony 7.x bundle that simplifies the implementation of AAA (authentication, authorization and audit) of a web application. It is a layer on top of the core Symfony Security Bundle.

Installation
------------

[](#installation)

Make sure Composer is installed globally, as explained in the [installation chapter](https://getcomposer.org/doc/00-intro.md) of the Composer documentation.

### Applications that use Symfony Flex

[](#applications-that-use-symfony-flex)

Open a command console, enter your project directory and execute:

```
composer require mlukman/security-helper-bundle
```

### Applications that don't use Symfony Flex

[](#applications-that-dont-use-symfony-flex)

#### Step 1: Download the Bundle

[](#step-1-download-the-bundle)

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

```
composer require mlukman/security-helper-bundle:1.*
```

#### Step 2: Enable the Bundle

[](#step-2-enable-the-bundle)

Then, enable the bundle by adding it to the list of registered bundles in the `config/bundles.php` file of your project:

```
// config/bundles.php

return [
    // ...
    MLukman\SecurityHelperBundle\SecurityHelperBundle::class => ['all' => true],
];
```

Activation
----------

[](#activation)

While Composer helps a lot in installing this bundle, there are some further steps that are required to activate this bundle in your web application.

### Create Doctrine entity that subclasses of UserEntity

[](#create-doctrine-entity-that-subclasses-of-userentity)

Most of the columns configuration for authentication purposes are already implemented by the `UserEntity` class except the `#[ORM\Id]` field, which is intentionally left for the subclass to implement. Feel free to add relations as needed by your database design.

Example:

```
#[ORM\Entity]
#[ORM\Table]
class User extends UserEntity {

    #[ORM\Id]
    #[ORM\GeneratedValue]
    #[ORM\Column]
    protected ?int $id = null;

    /**
     * You might want to override this method to handle the scenario where a user who is already logged in
     * proceeds to login with a different method and/or credentials. Applicable for login using OAuth only.
     * Example: make both user entities share the same profile or account
     */
    public function merge(UserEntity $tobemerged)
    {

    }
}
```

### Implement AuthenticationRepositoryInterface

[](#implement-authenticationrepositoryinterface)

The implementation class needs to implement the following methods:

#### getDefaultRedirectRoute() : string

[](#getdefaultredirectroute--string)

This method should return the route to redirect to if the information about the previous route is not available. The returned route will also be used to redirect user after logout.

#### newUserEntity(string $method, string $credential, string $username = null): UserEntity

[](#newuserentitystring-method-string-credential-string-username--null-userentity)

Create new User entity object. This method should not save the object to database yet.

#### queryUserEntity(string $method, string $criteriaField, string $criteriaValue): ?UserEntity

[](#queryuserentitystring-method-string-criteriafield-string-criteriavalue-userentity)

Query a User entity based on method, criteriaField and criteriaValue. This method may return null if no such entity can be found.

#### queryUserEntityFromSecurityUser(UserInterface $securityUser): ?UserEntity

[](#queryuserentityfromsecurityuseruserinterface-securityuser-userentity)

Query a User entity based on the pass UserInterface object. This method may return null if no such entity can be found.

#### saveUserEntity(UserEntity $user): void

[](#saveuserentityuserentity-user-void)

Save the passed new/modified User entity object.

#### sendResetPasswordEmail(UserEntity $user): void

[](#sendresetpasswordemailuserentity-user-void)

Send a reset password email to the user.

### Implement LoginControllerInterface

[](#implement-logincontrollerinterface)

The implementation class needs to implement the following method:

#### login(Request $request, ClientRegistry $clientRegistry): Response

[](#loginrequest-request-clientregistry-clientregistry-response)

Show login page that should contain one or more of the followings, depending on the authentication methods that you want to implement:

- Username &amp; password input fields
- The buttons to login using OAuth2 providers

### Register both implementations of AuthenticationRepositoryInterface and LoginControllerInterface

[](#register-both-implementations-of-authenticationrepositoryinterface-and--logincontrollerinterface)

Add the following to your `services.yaml`:

```
services:
    # existing settings here

    MLukman\SecurityHelperBundle\Authentication\AuthenticationRepositoryInterface:
        class: 'App\Service\AuthenticationRepository'

    MLukman\SecurityHelperBundle\Controller\LoginControllerInterface:
        class: 'App\Controller\AuthController'

```

### Register the bundle routing

[](#register-the-bundle-routing)

Add a YAML file named `security_helper.yaml` with the following content into your `config/routes` folder (modify the `prefix` parameter to your preference):

```
security_helper:
    resource: '@SecurityHelperBundle/config/routes.yaml'
    prefix: /@auth
```

### Register with the main Symfony Security Bundle

[](#register-with-the-main-symfony-security-bundle)

Merge the following settings into your `config/packages/security.yaml`:

```
security:
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User # follow your UserEntity subclass name
                property: username
    firewalls:
        main:
            provider: app_user_provider
            custom_authenticators: # remove authenticators you don't need
                - MLukman\SecurityHelperBundle\Authentication\PasswordAuthenticator
                - MLukman\SecurityHelperBundle\Authentication\LDAPAuthenticator
                - MLukman\SecurityHelperBundle\Authentication\OAuth2Authenticator
            entry_point: MLukman\SecurityHelperBundle\Authentication\AuthenticationListener
            logout:
                path: security_logout
    access_control:
        # ensure the routing prefix you defined in security_helper.yaml has PUBLIC_ACCESS access control
        - { path: ^/@auth/, roles: PUBLIC_ACCESS }
        # adjust based on your sitemap
        - { path: ^/admin/, roles: ROLE_ADMIN }
        - { path: ^/, roles: PUBLIC_ASSESS }
```

###  Health Score

45

—

FairBetter than 91% of packages

Maintenance96

Actively maintained with recent releases

Popularity11

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~67 days

Recently: every ~123 days

Total

10

Last Release

19d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/177263?v=4)[Muhammad Lukman Nasaruddin](/maintainers/MLukman)[@MLukman](https://github.com/MLukman)

---

Top Contributors

[![MLukman](https://avatars.githubusercontent.com/u/177263?v=4)](https://github.com/MLukman "MLukman (13 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/mlukman-security-helper-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/mlukman-security-helper-bundle/health.svg)](https://phpackages.com/packages/mlukman-security-helper-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M388](/packages/easycorp-easyadmin-bundle)[kimai/kimai

Kimai - Time Tracking

4.8k9.0k1](/packages/kimai-kimai)[oro/platform

Business Application Platform (BAP)

645143.5k115](/packages/oro-platform)[rcsofttech/audit-trail-bundle

Enterprise-grade, high-performance Symfony audit trail bundle. Automatically track Doctrine entity changes with split-phase architecture, multiple transports (HTTP, Queue, Doctrine), and sensitive data masking.

1189.8k](/packages/rcsofttech-audit-trail-bundle)[chameleon-system/chameleon-base

The Chameleon System core.

1028.6k5](/packages/chameleon-system-chameleon-base)[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.5k5.9M736](/packages/sylius-sylius)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
