diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
index 9a538275df..7094c5444e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -97,6 +97,8 @@ class ExceptionListener
                 return;
             }
         } elseif ($exception instanceof AccessDeniedException) {
+            $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
             $token = $this->context->getToken();
             if (!$this->authenticationTrustResolver->isFullFledged($token)) {
                 if (null !== $this->logger) {
@@ -129,8 +131,6 @@ class ExceptionListener
                         $response = $event->getKernel()->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);
                         $response->setStatusCode(403);
                     } else {
-                        $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
                         return;
                     }
                 } catch (\Exception $e) {
@@ -148,8 +148,6 @@ class ExceptionListener
                 $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
             }
 
-            $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
-
             return;
         } else {
             return;