
Symfony security redirect to login page

If I have a secured route, let's say like panel from below, Symfony will allow access only to logged in users.

    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/panel, role: ROLE_USER }

For users that are not logged in it will always redirect them to the login_path (I'm using FOSUserBundle):

    security:
        firewalls:
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    login_path:     fos_user_security_login

Where can I disable or override this redirect? I want to show a login form directly, without redirecting the user.

I believe it has to do with AccessDeniedHandlerInterface, but what key needs to be overwritten in security.yml? And where is the default implementation?

For other situations we have DefaultLogoutSuccessHandler, DefaultAuthenticationFailureHandler, DefaultAuthenticationSuccessHandler and we can implement a service for each of these situations, that extends their respective interfaces and can handle the situation in a custom manner. Can't find anything for AccessDenied, though. Its directory contains only the interface.

I would do this manually.

Make your route accessible by anonymous:

    - { path: ^/panel, role: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }

In your template, check if there is a logged in user:

    {% if app.user is null %}
        <!-- Then display your login form -->
    {% else %}
        <!-- Display the normal view -->
    {% endif %}

Or do it from the controller:

    if (!is_object($this->get('security.token_storage')->getToken()->getUser())) {
        // Render the login form
    }

Like this, you can make your logic depend on whether the user is authenticated or not.
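An alternative that leaves `^/panel` restricted to ROLE_USER in access_control and changes only what the firewall does for unauthenticated requests, as an added example (not code from the original posts or from Symfony/FOSUserBundle). The class name, namespace and service id `app.inline_login_entry_point` are hypothetical; the login route name is the one from the question.

```php
<?php
// Added example: class name, namespace and service id are hypothetical.
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Http\HttpUtils;

/**
 * The firewall calls start() when an unauthenticated request reaches a path
 * that access_control protects. Authenticated users who lack a role go
 * through the access-denied handler instead, not through this class.
 *
 * Wiring (assumed service id):
 *   # services.yml
 *   app.inline_login_entry_point:
 *       class: AppBundle\Security\InlineLoginEntryPoint
 *       arguments: ['@http_kernel', '@security.http_utils', 'fos_user_security_login']
 *   # security.yml
 *   firewalls:
 *       main:
 *           entry_point: app.inline_login_entry_point
 */
class InlineLoginEntryPoint implements AuthenticationEntryPointInterface
{
    private $httpKernel;
    private $httpUtils;
    private $loginPath;

    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, $loginPath)
    {
        $this->httpKernel = $httpKernel;
        $this->httpUtils = $httpUtils;
        $this->loginPath = $loginPath; // route name or path of the login form
    }

    public function start(Request $request, AuthenticationException $authException = null)
    {
        // Sub-request to the login route: the form is rendered in place and the URL stays /panel.
        $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
        $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
        // Answer 401 rather than 200 so caches and clients do not treat the protected URL as served.
        if (200 === $response->getStatusCode()) {
            $response->setStatusCode(401);
        }
        return $response;
    }
}
```

The built-in `use_forward: true` option under `form_login` produces the same forward without a custom class; the class form is useful when the response needs further changes, such as extra headers.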
