Amsterdam Nov. 21-23, 2019
Lille (France) March 1, 2019
Paris (France) March 28-29, 2019
Tunis (Tunisia) April 27, 2019
São Paulo (Brazil) May 16-17, 2019
Warszawa (Poland) June 13-14, 2019
London (UK) Sep. 13, 2019
Berlin (Germany) Sep. 24-27, 2019
  1. Home
  2. Documentation
  3. Security
  4. How to Create a Custom Access Denied Handler
WARNING: You are browsing the documentation for Symfony 4.0 which is not maintained anymore. Consider upgrading your projects to Symfony 4.2.

You are browsing the Symfony 4 documentation, which changes significantly from Symfony 3.x. If your app doesn't use Symfony 4 yet, browse the Symfony 3.4 documentation.

How to Create a Custom Access Denied Handler

4.0 version
Maintained
3.4 4.2 current 4.3 master
Unmaintained
2.7 2.8 3.1 3.2 3.3 4.1

How to Create a Custom Access Denied Handler

When your application throws an AccessDeniedException, you can handle this exception with a service to return a custom response.

First, create a class that implements AccessDeniedHandlerInterface. This interface defines one method called handle() where you can implement whatever logic that should execute when access is denied for the current user (e.g. send a mail, log a message, or generally return a custom response):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

class AccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // ...

        return new Response($content, 403);
    }
}

If you're using the default services.yaml configuration, you're done! Symfony will automatically know about your new service. You can then configure it under your firewall:

  • YAML
    1
2
3
4
5
6
7
    # config/packages/security.yaml
firewalls:
    # ...

    main:
        # ...
        access_denied_handler: App\Security\AccessDeniedHandler
  • XML
    1
2
3
4
5
6
    <!-- config/packages/security.xml -->
<config>
    <firewall name="main">
        <access_denied_handler>App\Security\AccessDeniedHandler</access_denied_handler>
    </firewall>
</config>
  • PHP
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
    // config/packages/security.php
use App\Security\AccessDeniedHandler;

$container->loadFromExtension('security', array(
    'firewalls' => array(
        'main' => array(
            // ...
            'access_denied_handler' => AccessDeniedHandler::class,
        ),
    ),
));

That's it! Any AccessDeniedException thrown by code under the main firewall will now be handled by your service.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.