How can I throw a 403 exception in Symfony2?

Question

I am doing a check if there is a specific token in my request URI and throw a Symfony\Component\Security\Core\Exception\AccessDeniedException if there is no token or the token is wrong.

if(!isset($token) && $token != 'whatever') {
  throw new AccessDeniedException('No token given or token is wrong.');
}

But when I use this AccessDeniedException, Symfony2 simply redirects to the login page. Instead, I would like to have a dedicated 403 error page (I already created app/Resources/TwigBundle/views/Exceptions/error403.html.twig file).

What would I have to change in order to achieve this? Do I have to use a PHP native Exception? But how can I tell to pass a 403 error code?

Does Symfony2 maybe have a specific 403-Exception which doesn't simply redirect to login?

Answer 1

Throw Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException.

That will bypass the security system and give you a 403 response which in turn will get picked up by the twig exception listener.

Answer 2

As of Symfony 2.6 you can use the following controller shortcut that will trigger the good exception for you:

return $this->denyAccessUnlessGranted('ROLE_EDIT', $item, 'You cannot edit this item.');