Question
I'm designing my 403 page and I can't seem to obtain the 'reason' string which I am populating on various forbidden pages to give a more relative response to the issue at hand. If I type ${response.reason} in the template, the whole page gets replaced with just the text of the response.
Answer 1:
In the code it seems that you can get this value in your template by doing:
${result.getMessage()}
result is your Forbidden object that inherits from RuntimeException, and the description you provide is passed to the base class as the exception message.
Answer 2:
You don't want to provide any more reason than "Forbidden". From a security standpoint, the user has attempted an unauthorized operation, and the last thing you want to do is tell them exactly what's wrong (unknown user, invalid password, etc.). If you do this, you are giving away information that could help the user penetrate your system.
For example, if you distinguish between unknown user and invalid password, you give away whether or not the userid exists.
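The point made in answer 2, shown as an added example that is not part of either answer or of the framework's own code: the client receives the same 403 body for an unknown user and for a wrong password, while the specific cause is logged server-side under a reference id. It is plain Java 16+; the class name, the `check` and `deny` helpers and the sample user are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Logger;

public class ForbiddenReasonDemo {
    private static final Logger LOG = Logger.getLogger("auth");

    // Internal causes: logged server-side only, never rendered in the 403 page.
    enum Denial { UNKNOWN_USER, INVALID_PASSWORD }

    // Everything the client may see: fixed status and message, opaque reference.
    record PublicError(int status, String message, String reference) {}

    // Constructed sample data; a real system stores salted password hashes.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");

    // Hypothetical helper: returns null on success, otherwise the internal cause.
    static Denial check(String user, String password) {
        String stored = USERS.get(user);
        if (stored == null) return Denial.UNKNOWN_USER;
        boolean match = MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
        return match ? null : Denial.INVALID_PASSWORD;
    }

    // Same body for every cause; the detail goes to the log under a random reference.
    static PublicError deny(String user, Denial cause) {
        String ref = UUID.randomUUID().toString();
        String safeUser = user.replaceAll("[\\r\\n]", "_"); // keep log lines intact
        LOG.warning("403 ref=" + ref + " user=" + safeUser + " cause=" + cause);
        return new PublicError(403, "Forbidden", ref);
    }

    public static void main(String[] args) {
        String[][] attempts = {{"mallory", "guess"}, {"alice", "guess"}, {"alice", "correct-horse"}};
        for (String[] a : attempts) {
            Denial cause = check(a[0], a[1]);
            if (cause == null) { System.out.println("200 OK"); continue; }
            PublicError e = deny(a[0], cause);
            System.out.println(e.status() + " " + e.message() + " (ref " + e.reference() + ")");
        }
    }
}
```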
Source: https://stackoverflow.com/questions/12630672/how-do-i-obtain-the-reason-for-a-forbidden