Tweaks

Author: javiereguiluz

security.rst

@@ -2117,11 +2117,7 @@ would match ``/admin/foo`` but would also match URLs like ``/foo/admin``.
 
 Each ``access_control`` can also match on IP address, hostname and HTTP methods.
 It can also be used to redirect a user to the ``https`` version of a URL pattern.
-
-.. versionadded:: 6.1
-
-    Since Symfony 6.1, an access control rule can also be directly configured by passing a service
-    implementing `RequestMatcherInterface` through the `request_matcher` option.
+For more complex needs, you can also use a service implementing ``RequestMatcherInterface``.
 
 See :doc:`/security/access_control`.
 

security/access_control.rst

@@ -28,7 +28,12 @@ options are used for matching:
 * ``ip`` or ``ips``: netmasks are also supported (can be a comma-separated string)
 * ``port``: an integer
 * ``host``: a regular expression
-* ``methods``: one or many methods
+* ``methods``: one or many HTTP methods
+* ``request_matcher``: a service implementing ``RequestMatcherInterface``
+
+.. versionadded:: 6.1
+
+    The ``request_matcher`` option was introduced in Symfony 6.1.
 
 Take the following ``access_control`` entries as an example:
 
@@ -52,7 +57,7 @@ Take the following ``access_control`` entries as an example:
                 - { path: '^/admin', roles: ROLE_USER_IP, ips: '%env(TRUSTED_IPS)%' }
                 - { path: '^/admin', roles: ROLE_USER_IP, ips: [127.0.0.1, ::1, '%env(TRUSTED_IPS)%'] }
 
-                # Request matchers can be used to define access control rules
+                # for custom matching needs, use a request matcher service
                 - { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
 
     .. code-block:: xml
@@ -86,7 +91,7 @@ Take the following ``access_control`` entries as an example:
                     <ip>%env(TRUSTED_IPS)%</ip>
                 </rule>
 
-                <!-- Request matchers can be used to define access control rules -->
+                <!-- for custom matching needs, use a request matcher service -->
                 <rule role="ROLE_USER" request-matcher="App\Security\RequestMatcher\MyRequestMatcher"/>
             </config>
         </srv:container>
@@ -134,17 +139,13 @@ Take the following ``access_control`` entries as an example:
                 ->ips(['127.0.0.1', '::1', env('TRUSTED_IPS')])
             ;
 
-            // Request matchers can be used to define access control rules
+            // for custom matching needs, use a request matcher service
             $security->accessControl()
                 ->roles(['ROLE_USER'])
                 ->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
             ;
         };
 
-.. versionadded:: 6.1
-
-    Support for access control rule definition based on a RequestMatcher was introduced in Symfony 6.1.
-
 For each incoming request, Symfony will decide which ``access_control``
 to use based on the URI, the client's IP address, the incoming host name,
 and the request method. Remember, the first rule that matches is used, and