New in Symfony 2.5: Create the Correct Denied HTTP Exception
Contributed by Klaus Silveira in #9405.
Do you know the difference between Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException and Symfony\Component\Security\Core\Exception\AccessDeniedException?
Their names look very similar and both deal with resources for which the user
does not have access. But which one should you use in a controller? This is
probably counter-intuitive, but you should use
Symfony\Component\Security\Core\Exception\AccessDeniedException. And when
using an IDE, you might import the wrong exception pretty easily. As this is a
frequent mistake, we even added a rule about this on SensioLabsInsight (and this
violation is triggered quite often).
As of 2.5, you can now rely on a helper method that does the right thing (if
you are using the Symfony\Bundle\FrameworkBundle\Controller\Controller base
class):
    throw $this->createAccessDeniedException('You cannot access this page!');
By the way, Symfony\Component\Security\Core\Exception\AccessDeniedException
is the exception class you want to use because it is automatically caught by
the Symfony Security Firewall, which generates the correct response for the
user.
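The mistake and its two correct forms side by side, as an added example that is not code from the original post. The controller, its action names and ROLE_ADMIN are hypothetical, and the check uses the security.context service available in Symfony 2.5.

```php
<?php
// Added example: ReportController, its actions and ROLE_ADMIN are hypothetical.
namespace Acme\DemoBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class ReportController extends Controller
{
    // WRONG: the HttpKernel exception is a plain HTTP 403. The security
    // firewall does not handle it, so its access-denied logic (for example,
    // sending a not-yet-authenticated visitor to the login entry point)
    // is never triggered.
    public function wrongAction()
    {
        if (!$this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedHttpException('You cannot access this page!');
        }

        return new Response('report');
    }

    // RIGHT (any 2.x version): the Security component exception is caught
    // by the firewall, which decides what response the user gets.
    public function explicitAction()
    {
        if (!$this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedException('You cannot access this page!');
        }

        return new Response('report');
    }

    // RIGHT (2.5 and later): the helper builds the Security component
    // exception, so there is no "use" statement to get wrong.
    public function helperAction()
    {
        if (!$this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw $this->createAccessDeniedException('You cannot access this page!');
        }

        return new Response('report');
    }
}
```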
Comments
If the exception is specific to Fragments sub-framework its namespace should explicitly reference `fragments`
https://github.com/symfony/symfony/issues/4297
Instead of correcting it, you keep in the same path and add a useless method.
Why don't you deprecate something you failed in design?
FredV said on Feb 5, 2014 at 15:32 #1