I am returning a Response object with the 403 status code while in an authentication listener.
The example I have followed is from the cookbook:
```php
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
```
When this response is created, the browser (Chrome) shows the web browser error page:
Access to the web page was denied
You are not authorised to access the web page at http://project/access-denied. You may need to sign in.
What I would like it to do is display my own Twig error page from app/Resources/TwigBundle/views/Exception/error403.html.twig
(as described in this cookbook entry). But as the 403 response is already sent, it doesn't get that far.
I cannot throw an AccessDeniedException because this is an authentication failure, meaning there is no security token present, which causes a fatal error.
I can throw an AuthenticationException but this only causes a 500 error, which displays the standard 500 error page.
The only way I can see to do this is to pass the twig service to the listener and add it to the response, like: $response->setContent($twigRenderedError);
But this does seem like an ugly solution - possibly a flaw in the authentication layer of Symfony2?
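
The approach described at the end of the question (inject the templating service and put the rendered page in the 403 response), written out as an added example that is not part of the original post or the cookbook. The class name, namespace, `X-Api-Key` header and `api_key` provider key are hypothetical; it assumes Symfony2's `templating` service is passed as the third constructor argument.

```php
<?php
// Added example; ApiKeyListener, its namespace and the X-Api-Key header are hypothetical.
namespace Acme\DemoBundle\Security\Firewall;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\Firewall\ListenerInterface;
use Symfony\Component\Templating\EngineInterface;

class ApiKeyListener implements ListenerInterface
{
    private $securityContext;
    private $authenticationManager;
    private $templating;

    public function __construct(
        SecurityContextInterface $securityContext,
        AuthenticationManagerInterface $authenticationManager,
        EngineInterface $templating
    ) {
        $this->securityContext = $securityContext;
        $this->authenticationManager = $authenticationManager;
        $this->templating = $templating;
    }

    public function handle(GetResponseEvent $event)
    {
        $apiKey = $event->getRequest()->headers->get('X-Api-Key', '');
        try {
            $token = new PreAuthenticatedToken('anon.', $apiKey, 'api_key');
            $this->securityContext->setToken($this->authenticationManager->authenticate($token));
            return; // authenticated: let the request continue
        } catch (AuthenticationException $failed) {
            // Fall through to the 403; the failure reason is not shown to the client.
        }

        // Render the overridden error page by its logical name and send it as the body.
        // Only the variables the stock error template uses are passed, not the exception.
        $body = $this->templating->render('TwigBundle:Exception:error403.html.twig', array(
            'status_code' => 403,
            'status_text' => Response::$statusTexts[403],
        ));
        $event->setResponse(new Response($body, 403));
    }
}
```

Because the listener sets the response itself, the exception listener never runs, so the template only sees the variables passed here; leaving the `AuthenticationException` out of them keeps the reason for the failure off the page.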