
How to get rid of "You must configure the check path to be handled by the firewall" error with GET requests?

When I am authenticating the usual way (using the login form), it works all right. I am getting this error only when /check_form is accessed via the GET method directly, in which case an exception is thrown:

You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.

Here is the relevant security.yml part:

firewalls:
    acme_area:
        pattern:    ^/(acme|admin)/
        provider: fos_userbundle
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: acme_login
            check_path: /acme/login_check
        logout:
            path: /acme/logout
            target: acme_login
        anonymous: true

I am using 2.3, thus no methods option is applicable (though I have no idea if it would help).

It is not really an issue as no proper usage could be spoiled by this error, but it pollutes the error log when some diligent bot is visiting the site and it's just untidy. So, I'd like to know which configuration option I can change to get rid of this error.

To boil this down, it seems that I want some 4xx error to be thrown instead of 500. Ideally it should be 405 Method Not Allowed, but 404 could do too.

EDIT:

As I learned from Alex's answer below, this happens because POST requests are handled by the firewall and GET requests by the Controller. Thus, it seems that the default checkAction() has to be extended to be able to handle two cases:

  1. When request is POST but no firewall entry is present (already handled)
  2. When firewall entry is present but request is GET (my case)

Your Common Sense asked Nov 18 '15 09:11


1 Answer

There is no configuration option for that. If the request reaches the controller, it unconditionally throws the exception: credible source.

POST requests to the route are handled by the firewall: official docs; GET ones go to the controller as usual.

There are a few options to get rid of the error in the log, if you don't care about such events. The simplest one in my opinion is to override SecurityController::checkAction to return 500 error without throwing an exception. The official docs on how to achieve it: Overriding Default FOSUserBundle Controllers.

EDIT:

In the controller you can return whatever code you like:

public function checkAction()
{
    return new Response('', 418); // or better use Response constants 
}

Another way is to disable the GET method for /acme/login_check in the routing config, and let the router do its job and return a normal 405 Method Not Allowed as usual.

EDIT2:

You can analyse request in the action, and still throw an exception:

public function checkAction(Request $request)
{
    if ($request->getMethod() == Request::METHOD_POST) {
        throw new \RuntimeException('You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.');
    } else {
        return new Response('', Response::HTTP_METHOD_NOT_ALLOWED);
    }
}

but I would recommend debugging your routes instead. This logic should belong to the router, not the controller. In the long run, your routing config will mislead devs who will maintain this code, and they will have several hard debugging hours trying to figure out why it returns 405, when app/console debug:router clearly states that GET method is allowed.

Alex Blex answered Sep 19 '22 13:09
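
The routing approach recommended in the answer above, sketched as an added example that is not part of the original answer or of FOSUserBundle's own configuration. It assumes the check route is declared by hand in app/config/routing.yml, uses the Symfony 2.2+ routing keys `path` and `methods`, and points at the bundle's controller as `FOSUserBundle:Security:check`; the route name `acme_login_check` is hypothetical.

```yaml
# app/config/routing.yml (assumed location; route name is hypothetical)

# Before: no method restriction. A GET to the check path matches this route,
# is not picked up by the form_login firewall entry (which handles the POST),
# and so reaches SecurityController::checkAction(), which throws the
# RuntimeException that ends up in the log as a 500.
#
# acme_login_check:
#     path:     /acme/login_check
#     defaults: { _controller: FOSUserBundle:Security:check }

# After: only POST matches the route. The path must stay identical to
# form_login.check_path in security.yml (/acme/login_check) so that the
# firewall still intercepts the login form submission.
acme_login_check:
    path:     /acme/login_check
    defaults: { _controller: FOSUserBundle:Security:check }
    methods:  [POST]
```

With the restriction in place, the router rejects a GET to /acme/login_check with 405 Method Not Allowed before any controller runs, and the route listing shows POST as the only allowed method, so the configuration and the observed behaviour agree.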