Checking Permissions without @Security; Security Voters users (e.g. form login for the main site and a token system for your API only), we recommend having Most applications only have one authentication system and one set of users..