Merge branch '6.1' into 6.2

* 6.1:
  [Security] Reference the new request_matcher option

Author: javiereguiluz

security.rst

@@ -2123,6 +2123,8 @@ would match ``/admin/foo`` but would also match URLs like ``/foo/admin``.
 
 Each ``access_control`` can also match on IP address, hostname and HTTP methods.
 It can also be used to redirect a user to the ``https`` version of a URL pattern.
+For more complex needs, you can also use a service implementing ``RequestMatcherInterface``.
+
 See :doc:`/security/access_control`.
 
 .. _security-securing-controller:

security/access_control.rst

@@ -28,7 +28,12 @@ options are used for matching:
 * ``ip`` or ``ips``: netmasks are also supported (can be a comma-separated string)
 * ``port``: an integer
 * ``host``: a regular expression
-* ``methods``: one or many methods
+* ``methods``: one or many HTTP methods
+* ``request_matcher``: a service implementing ``RequestMatcherInterface``
+
+.. versionadded:: 6.1
+
+    The ``request_matcher`` option was introduced in Symfony 6.1.
 
 Take the following ``access_control`` entries as an example:
 
@@ -52,6 +57,9 @@ Take the following ``access_control`` entries as an example:
                 - { path: '^/admin', roles: ROLE_USER_IP, ips: '%env(TRUSTED_IPS)%' }
                 - { path: '^/admin', roles: ROLE_USER_IP, ips: [127.0.0.1, ::1, '%env(TRUSTED_IPS)%'] }
 
+                # for custom matching needs, use a request matcher service
+                - { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
+
     .. code-block:: xml
 
         <!-- config/packages/security.xml -->
@@ -82,6 +90,9 @@ Take the following ``access_control`` entries as an example:
                     <ip>::1</ip>
                     <ip>%env(TRUSTED_IPS)%</ip>
                 </rule>
+
+                <!-- for custom matching needs, use a request matcher service -->
+                <rule role="ROLE_USER" request-matcher="App\Security\RequestMatcher\MyRequestMatcher"/>
             </config>
         </srv:container>
 
@@ -127,6 +138,12 @@ Take the following ``access_control`` entries as an example:
                 ->roles(['ROLE_USER_IP'])
                 ->ips(['127.0.0.1', '::1', env('TRUSTED_IPS')])
             ;
+
+            // for custom matching needs, use a request matcher service
+            $security->accessControl()
+                ->roles(['ROLE_USER'])
+                ->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
+            ;
         };
 
 For each incoming request, Symfony will decide which ``access_control``