New in Symfony 2.5: Create the Correct Denied HTTP Exception
February 5, 2014 • Published by Fabien Potencier
Do you know the difference between `AccessDeniedHttpException` and
`AccessDeniedException`?
Their names look very similar and both deal with resources to which the user
does not have access. But which one should you use in a controller? This is
probably counter-intuitive, but you should use `AccessDeniedException`. And when
using an IDE, you might import the wrong exception pretty easily. As this is a
frequent mistake, we even added a rule about this on SensioLabsInsight (and this violation is triggered quite
often).
As of 2.5, you can now rely on a helper method that does the right thing (if
you are using the Symfony base `Controller` class):
throw $this->createAccessDeniedException('You cannot access this page!');
By the way, `AccessDeniedException`
is the exception class you want to use because it is automatically caught by
the Symfony Security Firewall, which generates the correct response for the
user.
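A check in the spirit of the SensioLabsInsight rule mentioned above, as an added example (not code from this post or from SensioLabsInsight): a small Python scanner that resolves a PHP file's `use` statements and flags each `throw new` of the HttpKernel exception. The function names and the sample controller are constructed for illustration.

```python
import re

# Exception the post says controllers should not throw (FQCN as quoted on this page).
WRONG_FQCN = r"Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException"
HELPER = "$this->createAccessDeniedException()"  # helper added in Symfony 2.5

USE_RE = re.compile(r"^\s*use\s+\\?([\w\\]+)(?:\s+as\s+(\w+))?\s*;", re.M)
THROW_RE = re.compile(r"\bthrow\s+new\s+(\\?[\w\\]+)")

def resolve(name, aliases):
    """Resolve a class name as written in PHP against the file's use statements."""
    if name.startswith("\\"):  # already fully qualified
        return name[1:]
    head, _, rest = name.partition("\\")
    base = aliases.get(head, head)  # unimported names are left as written
    return base + ("\\" + rest if rest else "")

def find_wrong_denied_exception(php_source):
    """Return (line_number, message) for each throw of the HttpKernel exception."""
    aliases = {}
    for m in USE_RE.finditer(php_source):
        fqcn, alias = m.group(1), m.group(2)
        aliases[alias or fqcn.rsplit("\\", 1)[-1]] = fqcn
    findings = []
    for m in THROW_RE.finditer(php_source):
        if resolve(m.group(1), aliases) == WRONG_FQCN:
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, "throws %s; use %s" % (m.group(1), HELPER)))
    return findings

# Constructed sample controller, not code from the post.
BAD_CONTROLLER = r"""<?php
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class ReportController extends Controller
{
    public function showAction()
    {
        throw new AccessDeniedHttpException('You cannot access this page!');
    }
}
"""
# Same controller rewritten to use the 2.5 helper.
FIXED_CONTROLLER = BAD_CONTROLLER.replace(
    "throw new AccessDeniedHttpException(", "throw $this->createAccessDeniedException(")
if __name__ == "__main__":
    for source in (BAD_CONTROLLER, FIXED_CONTROLLER):
        print(find_wrong_denied_exception(source))
```

Because names are resolved through the imports, a namespace alias or a fully qualified `throw new \Symfony\...` is flagged as well, while a file that throws the Security component's `AccessDeniedException` is not.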
@FredVelcro it's used internally and thrown by Symfony/Component/HttpKernel/EventListener/FragmentListener when the request is invalid or it comes from an untrusted ip
Judging by use cases, I'd say the AccessDeniedHttpException is used when the request itself is rejected, and AccessDeniedException is used when user has not enough credentials to access the resource.
@Piotr Gołębiewski
If the exception is specific to Fragments sub-framework its namespace should explicitly reference fragments
@FredVelcro or where you intentionally do not want to trigger the firewall handler
Thank you! I was writing about that two years ago. Not because of mistakes using wrong exception, but rather because I think 403 is also very often used exception in controllers.
So when to use such a "Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException" ?