Spring Security的自定义403的方式

有两种方法
1、自定义页面
在继承WebSecurityConfigurerAdapter的配置类中重写的configure方法中，加上下面

//自定义403权限不足的页面
http.exceptionHandling().accessDeniedPage("/page/403.html");

2、自定义返回值，多用于前后端分离
新建一个类，实现AccessDeniedHandler 接口，并注入到容器中

@Component
public class MyAccessDenied implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        //设置响应状态码
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        //设置响应数据格式
        httpServletResponse.setContentType("application/json;charset=utf-8");
        //输入响应内容
        PrintWriter writer = httpServletResponse.getWriter();
        String json="{\"status\":\"403\",\"msg\":\"拒绝访问\"}";
        writer.write(json);
        writer.flush();

    }
}

然后在继承WebSecurityConfigurerAdapter的配置类中就可以@Autowired这个注入的类

//自定义403权限不足的返回值
 http.exceptionHandling().accessDeniedHandler(myAccessDenied);