How to Create a Custom Access Denied Handler
How to Create a Custom Access Denied Handler¶
When your application throws an AccessDeniedException, you can handle this exception
with a service to return a custom response.
First, create a class that implements
Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface.
This interface defines one method called handle() where you can implement whatever
logic that should execute when access is denied for the current user (e.g. send a
mail, log a message, or generally return a custom response):
namespace AppBundle\Security;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
// ...
return new Response($content, 403);
}
}
If you’re using the default services.yml configuration, you’re done! Symfony will automatically know about your new service. You can then configure it under your firewall:
- YAML
1 2 3 4 5 6 7
# app/config/security.yml firewalls: # ... main: # ... access_denied_handler: AppBundle\Security\AccessDeniedHandler
- XML
1 2 3 4 5
<config> <firewall name="main"> <access-denied-handler>AppBundle\Security\AccessDeniedHandler</access-denied-handler> </firewall> </config>
- PHP
1 2 3 4 5 6 7 8 9 10 11
// app/config/security.php use AppBundle\Security\AccessDeniedHandler; $container->loadFromExtension('security', [ 'firewalls' => [ 'main' => [ // ... 'access_denied_handler' => AccessDeniedHandler::class, ], ], ]);
That’s it! Any AccessDeniedException thrown by code under the main firewall
will now be handled by your service.
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.