feature #49193 [Security] Return 403 instead of 500 when no firewall is defined (nicolas-grekas)

This PR was merged into the 6.3 branch.

Discussion
----------

[Security] Return 403 instead of 500 when no firewall is defined

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | #34148
| License       | MIT
| Doc PR        | -

Looks like ranting on Twitter may pay of sometimes ;)

https://twitter.com/zodman/status/1620954291187097600

The changes on ErrorListener make `#[WithHttpStatus]` and `#[WithLogLevel]` propagate to child classes.

Best reviewed [ignoring white spaces](https://github.com/symfony/symfony/pull/49193/files?w=1).

Commits
-------

c021ce79e8 [Security] Return 403 instead of 500 when no firewall is defined

Author: chalasr

Exception/AccessDeniedException.php

@@ -11,11 +11,14 @@
 
 namespace Symfony\Component\Security\Core\Exception;
 
+use Symfony\Component\HttpKernel\Attribute\WithHttpStatus;
+
 /**
  * AccessDeniedException is thrown when the account has not the required role.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  */
+#[WithHttpStatus(403)]
 class AccessDeniedException extends RuntimeException
 {
     private array $attributes = [];

Exception/AuthenticationException.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Exception;
 
+use Symfony\Component\HttpKernel\Attribute\WithHttpStatus;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
@@ -19,6 +20,7 @@
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Alexander <iam.asm89@gmail.com>
  */
+#[WithHttpStatus(401)]
 class AuthenticationException extends RuntimeException
 {
     /** @internal */