[Security] Expose the required roles in AccessDeniedException

src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php

@@ -18,8 +18,43 @@
  */
 class AccessDeniedException extends \RuntimeException
 {
+    private $attributes = [];
+    private $object;
+
     public function __construct($message = 'Access Denied.', \Exception $previous = null)
     {
         parent::__construct($message, 403, $previous);
     }
+
+    /**
+     * @return array
+     */
+    public function getAttributes()
+    {
+        return $this->attributes;
+    }
+
+    /**
+     * @param array $attributes
+     */
+    public function setAttributes(array $attributes)
+    {
+        $this->attributes = $attributes;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getObject()
+    {
+        return $this->object;
+    }
+
+    /**
+     * @param mixed $object
+     */
+    public function setObject($object)
+    {
+        $this->object = $object;
+    }
 }

src/Symfony/Component/Security/Http/Firewall/AccessListener.php

@@ -67,7 +67,11 @@ public function handle(GetResponseEvent $event)
         }
 
         if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {
-            throw new AccessDeniedException();
+            $exception = new AccessDeniedException();
+            $exception->setAttributes($attributes);
+            $exception->setObject($request);
+
+            throw $exception;
         }
     }
 }

src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php

@@ -122,7 +122,10 @@ private function attemptSwitchUser(Request $request)
         }
 
         if (false === $this->accessDecisionManager->decide($token, array($this->role))) {
-            throw new AccessDeniedException();
+            $exception = new AccessDeniedException();
+            $exception->setAttributes(array($this->role));
+
+            throw $exception;
         }
 
         $username = $request->get($this->usernameParameter);