Amsterdam Nov. 21-23, 2019
Lille (France) March 1, 2019
Paris (France) March 28-29, 2019
Tunis (Tunisia) April 27, 2019
São Paulo (Brazil) May 16-17, 2019
Warszawa (Poland) June 13-14, 2019
London (UK) Sep. 13, 2019
Berlin (Germany) Sep. 24-27, 2019
  1. Home
  2. Documentation
  3. Security
  4. How to Create a Custom Access Denied Handler
WARNING: You are browsing the documentation for Symfony 4.0 which is not maintained anymore. Consider upgrading your projects to Symfony 4.3.

You are browsing the Symfony 4.0 documentation, which changes significantly from Symfony 3.x. If your app doesn't use Symfony 4.0 yet, browse the Symfony 3.4 documentation.

How to Create a Custom Access Denied Handler

4.0 version
Maintained
3.4 4.3 current 4.4 5.0 master
Unmaintained
2.7 2.8 3.1 3.2 3.3 4.1 4.2

How to Create a Custom Access Denied Handler

When your application throws an AccessDeniedException, you can handle this exception with a service to return a custom response.

First, create a class that implements AccessDeniedHandlerInterface. This interface defines one method called handle() where you can implement whatever logic that should execute when access is denied for the current user (e.g. send a mail, log a message, or generally return a custom response):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // ...

        return new Response($content, 403);
    }
}

If you're using the default services.yaml configuration, you're done! Symfony will automatically know about your new service. You can then configure it under your firewall:

  • YAML
    1
2
3
4
5
6
7
    # config/packages/security.yaml
firewalls:
    # ...

    main:
        # ...
        access_denied_handler: App\Security\AccessDeniedHandler
  • XML
    1
2
3
4
5
6
    <!-- config/packages/security.xml -->
<config>
    <firewall name="main">
        <access_denied_handler>App\Security\AccessDeniedHandler</access_denied_handler>
    </firewall>
</config>
  • PHP
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
    // config/packages/security.php
use App\Security\AccessDeniedHandler;

$container->loadFromExtension('security', array(
    'firewalls' => array(
        'main' => array(
            // ...
            'access_denied_handler' => AccessDeniedHandler::class,
        ),
    ),
));

That's it! Any AccessDeniedException thrown by code under the main firewall will now be handled by your service.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.