Symfony在“security.firewalls.main”下无法识别选项“csrf_token_generator”

This question has already been asked here on stackoverflow. I'm implementing FOSUserBundle of symfony. I have configured everything as provided in solutions to those questions, but I'm still getting this error when I run

php app/console doctrine:schema:update --force

 [Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
  Unrecognized option "csrf_token_generator" under "security.firewalls.main"

security.yml

security:

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER    
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        form_login:
            login_path: login
            check_path: login
        pattern:    ^/
        http_basic: ~
        provider: fos_userbundle
        csrf_token_generator: security.csrf.token_manager
        # activate different ways to authenticate

        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        #http_basic: ~

        # https://symfony.com/doc/current/security/form_login_setup.html
        #form_login: ~
        logout:       true
        anonymous:    true
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }        

config.yml

framework:
#esi: ~
#translator: { fallbacks: ['%locale%'] }
translator: ~
secret: '%secret%'
router:
    resource: '%kernel.root_dir%/config/routing.yml'
    strict_requirements: ~
form: ~
csrf_protection: 
    enabled: true
validation: { enable_annotations: true }
#serializer: { enable_annotations: true }
templating:
    engines: ['twig']
default_locale: '%locale%'
trusted_hosts: ~
trusted_proxies: ~
session:
    # handler_id set to null will use default session handler from php.ini
    handler_id: ~
fragments: ~
http_method_override: true

AppKernel.php

$bundles = array(
        new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
        new Symfony\Bundle\SecurityBundle\SecurityBundle(),
        new Symfony\Bundle\TwigBundle\TwigBundle(),
        new Symfony\Bundle\MonologBundle\MonologBundle(),
        new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
        new Doctrine\Bundle\DoctrineBundle\DoctrineBundle(),
        new Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle(),
        new AppBundle\AppBundle(),
        new FOS\UserBundle\FOSUserBundle(),
    );

Is there anything I missed. Any help is much appreciated.

Property csrf_token_generator: security.csrf.token_manager should be placed below the form_login:

firewalls:
    main:
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager