Login/Register
Custom message for @Security annotation
Asked Answered
Solved symfonysymfony-security
P

1

6

I'm trying to use @Security annotations for my routes. Like this:

/**
 * @return Response
 * @Route("/action")
 * @Security("has_role('ROLE_USER')")
 * @Template()
 */
public function someAction()
{
    return array();
}

When the security restriction fires an exception, I get the message Expression "has_role('ROLE_USER')" denied access.

This is not acceptable to be shown to the end user, so I'm trying to find a way to customize the message for annotation.

Simple workaround is to not to use @Secutity annotations and write code like these:

/**
 * @return Response
 * @Route("/action")
 * 
 * @Template()
 */
public function someAction()
{
    if (!$this->get('security.context')->isGranted('ROLE_USER')) {
        throw new AccessDeniedException('You have to be logged in in order to use this feature');
    }

    return array();
}

But this is less convenient and less readable.

Is it possible to write custom message to @Security annotations?

Paderna answered 20/6, 2014 at 13:8 Comment(0)
P
10

As soon as I realized that this is not possible, I have made a pull request to the Sensio FrameworkExtra Bundle to make this possible.

This PR allows to customize displayed message by specifying the message parameter like

@Security("has_role('ROLE_USER')",message="You have to be logged in")
Paderna answered 20/6, 2014 at 14:25 Comment(2)
So why did you close the PR? It was a good one, still receveing upvotes after closing. Please consider re-opening it.Weidner
Well, actually because one year passed without any maintainers comment, but the PR gone out of sync and I've seen no purpose to maintain it.Paderna

© 2022 - 2024 — McMap. All rights reserved.