Henrik Bjørnskov has a quick new post with a security tip for those using the Symfony2 framework in its configuration.

Earlier when playing around with the Security component and SecurityBundle i found that for all paths you can specify a route name and the component will match it when check for the request paths.

Setting this up in your configuration gives you more control over the paths that are matched as well as more flexibility in defining them. He includes a note about a change you might have to make to the SecurityBundle's code to get the "check_path" part working correctly. You can find out more about the SecurityBundle's integration in this blog post from Pablo Bandin.

Stefan Koopmanschap has written up an article on the Leaseweblabs.com blog about migrating a Symfony 1 application to Symfony2 in a (slightly) less painful way that making the move all at once.

It is much easier to do a gradual migration. Start with one part of your application, and bit by bit migrate your logic and application. The traditional way of doing such migrations is to create a new project and have parallel development on the old and the new version of the application. The problem with this, though, is that when you make a change to your old application, you have to make the same change in the new codebase, essentially doubling the amount of work for each feature you need to implement. [...] You could wrap your old application into your Symfony2 application, and have different parts of your application be handled by different versions of your codebase.

With the help of a bundle he created, IngewikkeldWrapperBundle that handles the rerouting of your requests based on where the requested resource exists (in the Symfony 1 or 2 codebase).

On DZone.com John Esposito has a new post sharing two Symfony2 bundle repositories you can look to to improve your development experience with the framework - KnpBundles and Symfohub.

If you're using Symfony2, you already know that the framework uses 'bundles', the equivalent of plugins, if the core counted as a plugin too. (The official documentation calls bundles 'first-class citizens' in Symfony2.) So far so great idea, but an ecosystem depends on a community, and a community needs some kind of organization. So how is the Symfony2 bundle community organized, and how do you find existing third-party bundles?

KnpBundles provides a larger resource than Symfohub, but both have handy features to help you find what you're looking for - filtering, search recommendations and rankings.

Johannes Schmitt has a new post about his "killer feature" he's added to the security for Symfony2 framework (as a bundle) - a new customized expression-based query language that's compiled down to native PHP to make permissions checking simpler and faster.

If you have used the Symfony2 Security Component to any modest degree, you will know that we have a quite heavy voting system which uses attributes like "IS_AUTHENTICATED_FULLY" to make authorization decisions. [...] If you are concerned about performance, then you should not be all too generous with the isGranted() calls. The second option would work as well, but writing a new voter each time you need to make a new check does not really seem ideal either. Fortunately, we can do better.

He includes an example of this expression language in a direct isGranted() call, a string that checks to see if a user has three different roles, and a snippet showing the same thing in the docblock comment of a controller method. The second is a bit more complex, checking for an admin role or if the user is the one that should be deleted. You can find more doucmentation here.

Johannes Schlüter has a new post to his blog today about a bundle he's created for the Symfony2 framework that integrates some of the advanced statistics mysqlnd provides back to the framework's profiler tool - JSMysqlndBundle.

Symfony provides a nice feature, which is the Symfony Profilier, an extensive logging and reporting system for Symfony developers to understand what's going on. A part of it is the Doctrine query logger which lists all database queries executed by Doctrine and their execution time. This is nice but when we're using mysqlnd in our PHP build we have more information available. "So why not use that information," I thought and built a new bundle for Symfony 2 doing exactly that.

His bundle takes the "150 or so" statistics and drops them into the profiler, giving you even more insight into how your script is running. The bundle is available on github, making it simpler to fork and extend to add other features (some he suggests include caching and replication decisions using information from other mysqlnd plugins).

On the Liip blog today, there's a quick post about integrating Symfony2 and Magento, the popular PHP-based ecommerce platform.

So last week four developers sat together on a regular Hackday to see what's needed to hook up Magento into Symfony. To make this short the outcome is a Magento bundle for Symfony2. When we met in the morning we weren't even sure what exactly to try out but soon agreed on implementing a Symfony authentication which uses the Magento customer database.

The post talks about some of the issues they came across in their work - mainly a problem with incompatible autoloaders. There were also problems getting the logins to play nicely with each other and each product's session handling. You can find the current results from their hacking in this bundle posted to github.

In a new post to his blog Robert Basic takes a brief look at importing Symfony2 security settings from a bundle he's been creating back into the main configuration.

I started to work on/figuring out the security part in Symfony2 and one part where the docs fail so far is to explain how to import security settings from a bundle. Once I put some thinking into it, it's pretty easy actually. Simply import the needed security file in your main config file.

His trick is to use the "imports" key in his YAML config file to define the resource to pull from in his config.xml. More information on the format of the security file can be found here in the Symfony documentation. It helps you define authentication mechanisms, authorization models and working with access control and roles.

Konstantin Kudryashov has linked to a new tool that's adds BehatMink browser abstraction library for your Symfony2 project as a part of the Behat project (a BDD testing tool for PHP).

You can now test your Symfony2 applications with PHPUnit and Mink, thanks to brand new MinkBundle.

This new tool provides a clean API, support for Symfony2's test.client browser emulator and support for the Goutte and Sahi browser emulators as well. In the README on it's github page, they've provided some sample code snippets that show how to register the namespaces, add it to your application kernel/add the config, enable the GoutteDriver and SahiDriver and, of course, write a first test.

On Query7.com today they've posted the first in a series looking at frameworks that are more PHP 5.3 centric. They start things off with a very popular framework that currently has a major update in the works - Symfony2.

Ever since PHP5.3 was released we have seen several new frameworks pop up in the PHP community. In this series of articles we will look at and evaluate some of the next generation PHP frameworks. Today we look at Symfony2.

He starts with an overview of what the framework has to offer - things like the expected MVC structure, database integration with Doctrine2 and templating with Twig - as well as its heavy use of dependency injection. He also mentions its ability to use PHP, XML or YAML for configuration files as well as other features like bundles, large support for testing and built-in HTTP caching. He also briefly mentions something that is the heart and soul of any open source project - its community.

On the Symfony-Reloaded site (the site for the upcoming Symfony2 version of the framework) there's a recently updated page talking about bundle best practices to use when creating these standardized, easy-to-install packages.

A bundle is a directory that has a well-defined structure and can host anything from classes to controllers and web resources. Even if bundles are very flexible, you should follow some best practices if you want to distribute them.

There's a few standards they lay out concerning the bundle naming scheme (namespacing), the directory structure that'd need to be used (including a "resources" and "controller" directory) and where classes, third-party library use, documentation, templates, configuration and tests should fit in the structure.