For a server-side payment notification service we authorize the $request->server parameters PHP_AUTH_USER and PHP_AUTH_PW. For complex security annotations we can always implement the Annotations of the JMSSecurityExtraBundle, but this seems a bit too much for this simple use-case:

// Authentication check
if (
    $request->server->get('PHP_AUTH_USER') != $this->container->getParameter('security_user') ||
    $request->server->get('PHP_AUTH_PW') != $this->container->getParameter('security_pw')
) {
    throw $this->createNotFoundException();
}

What I'd like to propose is that the @Security annotation is able to compare the server parameters with the values from the container parameters:

/**
 * @Security("php_auth('%security_user%', '%security_pw%')")
 */
public function showAction(Post $post)