
Symfony security redirect to login page

If I have a secured route, let's say like panel from below, Symfony will allow access only to logged in users.

    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/panel, role: ROLE_USER }

For users that are not logged in it will always redirect them to the login_path (I'm using FOSUserBundle):

security:
    firewalls:   
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path:     fos_user_security_login

Where can I disable or override this redirect? I want to show a login form directly, without redirecting the user.

I believe it has to do with AccessDeniedHandlerInterface, but what key needs to be overwritten in security.yml? And where is the default implementation?

For other situations we have DefaultLogoutSuccessHandler, DefaultAuthenticationFailureHandler, DefaultAuthenticationSuccessHandler and we can implement a service for each of these situations, that extends their respective interfaces and can handle the situation in a custom manner. Can't find anything for AccessDenied, though. Its directory contains only the interface.

George Irimiciuc asked Oct 19 '22 14:10


1 Answer

I would do this manually.

Make your route accessible by anonymous:

- { path: ^/panel, role: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }

In your template, check if there is a logged in user:

{% if app.user is null %}
    <!-- Then display your login form -->
{% else %}
    <!-- Display the normal view -->
{% endif %}

Or do it from the controller:

if (!is_object($this->get('security.token_storage')->getToken()->getUser())) {
    // Render the login form
}

This way, you can make your logic depend on whether the user is authenticated or not.

chalasr answered Oct 21 '22 05:10
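
The controller-side check from the answer above, written out as an added example (not part of the original answer or of FOSUserBundle). The `AppBundle` namespace, `PanelController` and both template names are hypothetical; the login template is assumed to post to the firewall's `check_path` and to carry its CSRF field if one is enabled.

```php
<?php
// Added example: hypothetical bundle, controller and template names.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;

class PanelController extends Controller
{
    public function indexAction()
    {
        // ^/panel now admits anonymous users, so the access_control rule no
        // longer protects anything under that prefix: every action mapped
        // below /panel has to make this check itself.
        if (!$this->isGranted('ROLE_USER')) {
            return $this->renderLoginForm();
        }

        return $this->render('AppBundle:Panel:index.html.twig');
    }

    private function renderLoginForm()
    {
        // Same data the regular login page shows after a failed attempt.
        $utils = $this->get('security.authentication_utils');

        // Answer with 401 so caches, crawlers and API clients do not take
        // the login form for the real content of /panel.
        return $this->render(
            'AppBundle:Panel:login.html.twig', // assumed template
            array(
                'last_username' => $utils->getLastUsername(),
                'error' => $utils->getLastAuthenticationError(),
            ),
            new Response('', Response::HTTP_UNAUTHORIZED)
        );
    }
}
```

Checking `isGranted('ROLE_USER')` instead of testing whether the token's user is an object keeps the decision tied to the role the original `access_control` rule required.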