should respond with a 403 status code, but with the following code I get this response:
Full authentication is required to access this resource. (500 Internal Server Error)
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class MyController extends Controller
{
    private function _accessControl()
    {
        if (false === $this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedException();
        }
    }
}
Here is the API reference for the AccessDeniedException class
and the code:
/**
 * AccessDeniedException is thrown when the account has not the required role.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class AccessDeniedException extends \RuntimeException
{
    public function __construct($message = 'Access Denied', \Exception $previous = null)
    {
        parent::__construct($message, 403, $previous);
    }
}
Using throw new HttpException(403); at the same place in my code returns the correct status code.