Description

Currently, Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension::createRequestMatcher() accepts parameter $attributes, which I think could be used to specify attributes: {_route: route.id} to match a route instead of path (which I think is more useful for multilingual projects). However, currently it is not possible to actually use this because Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension::createAuthorization() (which calls $this->createRequestMatcher()) ends with $access['ips'], does not use the $attributes parameter at all.

Example

security:
   access_control:
      - { attributes: {_route: route_id}, roles: ROLE_USER }

or even

security:
   access_control:
      - { route: route_id, roles: ROLE_USER }

(which would require additional code and docs changes)