SymfonyWorld Online 2021
Jun 17–18, 2021
SymfonyLive Online Spanish Edition 2021
May 7, 2021
SymfonyLive Online German Edition 2021
Apr 16, 2021
SymfonyLive Online French Edition 2021
Apr 9, 2021
SymfonyLive Online Polish Edition 2021
Mar 12, 2021
  1. Home
  2. Documentation
  3. Security
  4. How to Create a Custom Access Denied Handler
WARNING:

You are browsing the documentation for Symfony 2.8 which is not maintained anymore.

Consider upgrading your projects to Symfony 5.2.

How to Create a Custom Access Denied Handler

2.8 version
Maintained
4.4 5.2 current 5.3 dev
Unmaintained
2.7 2.8 3.1 3.2 3.3 3.4 4.0 4.1 4.2 4.3 5.0 5.1

How to Create a Custom Access Denied Handler

When your application throws an AccessDeniedException, you can handle this exception with a service to return a custom response.

Each firewall context can define its own custom access denied handler:

  • YAML
    1
2
3
4
5
    # app/config/security.yml
firewalls:
    foo:
        # ...
        access_denied_handler: app.security.access_denied_handler
  • XML
    1
2
3
4
5
    <config>
  <firewall name="foo">
    <access_denied_handler>app.security.access_denied_handler</access_denied_handler>
  </firewall>
</config>
  • PHP
    1
2
3
4
5
6
7
8
9
    // app/config/security.php
$container->loadFromExtension('security', array(
    'firewalls' => array(
        'foo' => array(
            // ...
            'access_denied_handler' => 'app.security.access_denied_handler',
        ),
    ),
));

Your handler must implement the Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface. This interface defines one method called handle() that implements the logic to execute when access is denied to the current user (send a mail, log a message, or generally return a custom response):

namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // ...

        return new Response($content, 403);
    }
}

Then, register the service for the access denied handler:

  • YAML
    1
2
3
4
    # app/config/services.yml
services:
    app.security.access_denied_handler:
        class: AppBundle\Security\AccessDeniedHandler
  • XML
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
    <!-- app/config/services.xml -->
<?xml version="1.0" encoding="UTF-8" ?>
<container xmlns="http://symfony.com/schema/dic/services"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/dic/services
    http://symfony.com/schema/dic/services/services-1.0.xsd">

    <services>
        <service id="app.security.access_denied_handler"
                class="AppBundle\Security\AccessDeniedHandler" />
    </services>
</container>
  • PHP
    1
2
3
4
5
    // app/config/services.php
$container->register(
    'app.security.access_denied_handler',
    'AppBundle\Security\AccessDeniedHandler'
);

That’s it! Any AccessDeniedException thrown by the foo firewall will now be handled by your service.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.