security->getUser(); if (!$user instanceof User) { throw new AccessDeniedException('User not authenticated.'); } return $user; } }