How to Create a Custom Access Denied Handler
Warning: You are browsing the documentation for Symfony 3.x, which is no longer maintained.
Read the updated version of this page for Symfony 7.2 (the current stable version).
When your application throws an AccessDeniedException
, you can handle this exception
with a service to return a custom response.
First, create a class that implements
AccessDeniedHandlerInterface.
This interface defines one method called handle()
where you can implement whatever
logic that should execute when access is denied for the current user (e.g. send a
mail, log a message, or generally return a custom response):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
namespace AppBundle\Security;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
// ...
return new Response($content, 403);
}
}
If you're using the default services.yml configuration, you're done! Symfony will automatically know about your new service. You can then configure it under your firewall:
1 2 3 4 5 6 7
# app/config/security.yml
firewalls:
# ...
main:
# ...
access_denied_handler: AppBundle\Security\AccessDeniedHandler
That's it! Any AccessDeniedException
thrown by code under the main
firewall
will now be handled by your service.