[Security] Return 403 instead of 500 when no firewall is defined

nicolas-grekas · nicolas-grekas · commit 2621e43fb9af · 2023-02-02T09:13:59.000+01:00
diff --git a/Exception/AccessDeniedException.php b/Exception/AccessDeniedException.php
@@ -11,11 +11,14 @@
 
 namespace Symfony\Component\Security\Core\Exception;
 
+use Symfony\Component\HttpKernel\Attribute\WithHttpStatus;
+
 /**
  * AccessDeniedException is thrown when the account has not the required role.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[WithHttpStatus(403)]
 class AccessDeniedException extends RuntimeException
 {
     private array $attributes = [];
diff --git a/Exception/AuthenticationException.php b/Exception/AuthenticationException.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Exception;
 
+use Symfony\Component\HttpKernel\Attribute\WithHttpStatus;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
@@ -19,6 +20,7 @@
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Alexander <iam.asm89@gmail.com>
  */
+#[WithHttpStatus(401)]
 class AuthenticationException extends RuntimeException
 {
     /** @internal */

Original file line number	Diff line number	Diff line change
`@@ -11,11 +11,14 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Core\Exception;`
`13`	`13`
	`14`	`+use Symfony\Component\HttpKernel\Attribute\WithHttpStatus;`
	`15`	`+`
`14`	`16`	`/**`
`15`	`17`	`* AccessDeniedException is thrown when the account has not the required role.`
`16`	`18`	`*`
`17`	`19`	`* @author Fabien Potencier <[email protected]>`
`18`	`20`	`*/`
	`21`	`+#[WithHttpStatus(403)]`
`19`	`22`	`class AccessDeniedException extends RuntimeException`
`20`	`23`	`{`
`21`	`24`	`private array $attributes = [];`