Custom post for @Security annotation

Question

Custom post for @Security annotation

I am trying to use @Security annotations for my routes. Like this:

 /** * @return Response * @Route("/action") * @Security("has_role('ROLE_USER')") * @Template() */ public function someAction() { return array(); }

When a security restriction throws an exception, I get an Expression "has_role('ROLE_USER')" denied access message Expression "has_role('ROLE_USER')" denied access .

This is not acceptable for display to the end user, so I am trying to find a way to configure the message for annotation.

A simple workaround is to not use @Secutity annotations and write code like these:

 /** * @return Response * @Route("/action") * * @Template() */ public function someAction() { if (!$this->get('security.context')->isGranted('ROLE_USER')) { throw new AccessDeniedException('You have to be logged in in order to use this feature'); } return array(); }

But it is less convenient and less readable.

Can I write my own message in the @Security annotation?

+6

symfony symfony-security

Scaytrase Jun 20 '14 at 13:08

source share

1 answer

Scaytrase · Accepted Answer · 2014-06-20T14:25:04+0000

As soon as I realized that this was not possible, I made a pull request for the Sensio FrameworkExtra Bundle to make this possible.

This PR allows you to customize the displayed message by specifying a message parameter, for example

 @Security("has_role('ROLE_USER')",message="You have to be logged in")

Custom post for @Security annotation

More articles: