minor #4872 [BestPractices] fix merge after removing @Security in 2.3 (xabbuh)

weaverryan · weaverryan · commit 4143076e6b2f · 2015-01-18T18:18:52.000-05:00
This PR was merged into the 2.5 branch. Discussion ---------- [BestPractices] fix merge after removing @Security in 2.3 | Q | A | ------------- | --- | Doc fix? | yes | New docs? | no | Applies to | 2.5+ | Fixed tickets | Commits ------- 5c55491 fix merge after removing @Security in 2.3
diff --git a/best_practices/security.rst b/best_practices/security.rst
@@ -74,13 +74,15 @@ Authorization (i.e. Denying Access)
 -----------------------------------
 
 Symfony gives you several ways to enforce authorization, including the ``access_control``
-configuration in :doc:`security.yml </reference/configuration/security>` and
-using :ref:`isGranted <best-practices-directly-isGranted>` on the ``security.context``
+configuration in :doc:`security.yml </reference/configuration/security>`, the
+:ref:`@Security annotation <best-practices-security-annotation>` and using
+:ref:`isGranted <best-practices-directly-isGranted>` on the ``security.context``
 service directly.
 
 .. best-practice::
 
     * For protecting broad URL patterns, use ``access_control``;
+    * Whenever possible, use the ``@Security`` annotation;
     * Check security directly on the ``security.context`` service whenever
       you have a more complex situation.
 
@@ -207,9 +209,10 @@ Now you can reuse this method both in the template and in the security expressio
 
 .. _best-practices-directly-isGranted:
 .. _checking-permissions-without-security:
+.. _manually-checking-permissions:
 
-Manually Checking Permissions
------------------------------
+Checking Permissions without @Security
+--------------------------------------
 
 The above example with ``@Security`` only works because we're using the
 :ref:`ParamConverter <best-practices-paramconverter>`, which gives the expression
