How to Create a Custom Access Denied Handler

Edit this page

Warning: You are browsing the documentation for Symfony 3.1, which is no longer maintained.

Read the updated version of this page for Symfony 6.1 (the current stable version).

How to Create a Custom Access Denied Handler

When your application throws an AccessDeniedException, you can handle this exception with a service to return a custom response.

Each firewall context can define its own custom access denied handler:

  • YAML
  • XML
  • PHP
1
2
3
4
5
# app/config/security.yml
firewalls:
    foo:
        # ...
        access_denied_handler: app.security.access_denied_handler

Your handler must implement the
AccessDeniedHandlerInterface. This interface defines one method called handle() that implements the logic to execute when access is denied to the current user (send a mail, log a message, or generally return a custom response).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // ...

        return new Response($content, 403);
    }
}

Then, register the service for the access denied handler:

  • YAML
1
2
3
4
# app/config/services.yml
services:
    app.security.access_denied_handler:
        class: AppBundle\Security\AccessDeniedHandler

<!-- app/config/services.xml --> <?xml version="1.0" encoding="UTF-8" ?> <container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

<services> <service id="app.security.access_denied_handler" class="AppBundleSecurityAccessDeniedHandler" /> </services> </container>

// app/config/services.php $container->register( 'app.security.access_denied_handler', 'AppBundleSecurityAccessDeniedHandler' );

That's it! Any AccessDeniedException thrown by the foo firewall will now be handled by your service.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.