Fixing automatic replacing of AccessDeniedExceptions with InsufficientAuthenticationException in Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException().

app/config/security.yml

@@ -9,4 +9,11 @@ security:
             security: false
 
         default:
-            anonymous: ~
+            # Needs to be changed if authentication is added
+            # Also it needs to be carefully checked that after enabling security here
+            # \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException() doesn't start to replace 403 by 401 exceptions
+            # for all users
+            # For example \Skobkin\Bundle\PointToolsBundle\Controller\PostController::showAction() can return AccessDeniedException and this logic must be saved
+            # After enabling authentication
+            security: false
+            #anonymous: true

src/Skobkin/Bundle/PointToolsBundle/Controller/PostController.php

@@ -12,8 +12,6 @@ class PostController extends AbstractController
 {
     /**
      * @ParamConverter("post", class="SkobkinPointToolsBundle:Blogs\Post")
-     *
-     * @return Response
      */
     public function showAction(Post $post, PostRepository $postRepository): Response
     {