The security listener runs after the routing one. So, if a 404 appears, we are not able to use SecurityContext::isGranted or is_granted from twig template because the security is not started.

This is a bit boring, because in every almost application, we have conditional link base on user role or voter. And so we have to protect every call to is_granted in twig template like this: if app.user and is_granted('ROLE_USER').

I would like to be able to use only is_granted.

So I submit 2 solutions:

• (a) Always return false
• (b) Return a configured value if set, or Throw an exception (like now)

(a) => easy to implements, not flexible, and not BC
(b) => a bit more hard to implements (but easy anyway), flexible, BC

So of course, I prefer the solution (b)

What do you think?