grails - Spring Security Plugin Should Respond with 401 instead of 403
When the web session expires, Spring Security responds with a 403 HTTP status. Ideally, it should respond with 401. Unauthorized and Forbidden are different: a request for a secured resource should return 403 if there is a valid session but the user doesn't have permissions for said resource. If the resource is secured and there is no authenticated session, Spring Security should return 401.
My application needs to specifically distinguish between these 2 error codes.
My question is, how can I customize this behavior? For a reference argument on the differences between 401 and 403, read this.
Here is a solution for this:

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.beans.BeansException;
    import org.springframework.beans.factory.config.BeanPostProcessor;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.web.session.InvalidSessionStrategy;
    import org.springframework.security.web.session.SessionManagementFilter;

    @Configuration
    public class WebCtxConfig implements BeanPostProcessor {

        @Override
        public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
            // Intercept the SessionManagementFilter bean and replace its invalid-session
            // handling so a request carrying an expired/unknown session id gets 401.
            if (bean instanceof SessionManagementFilter) {
                SessionManagementFilter filter = (SessionManagementFilter) bean;
                filter.setInvalidSessionStrategy(new InvalidSessionStrategy() {
                    @Override
                    public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response)
                            throws IOException, ServletException {
                        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                    }
                });
            }
            return bean;
        }

        @Override
        public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
            return bean;
        }
    }
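The answer above only covers the expired-session case. As an added example (not part of the question or the answer, and not the Grails Spring Security plugin's own configuration DSL), here is the full three-way split from the question expressed in Spring Security's Java configuration: no session or principal at all gives 401 via the authentication entry point, an authenticated user lacking the required authority gives 403 via the access-denied handler, and a request carrying a session id that no longer resolves gives 401 via the invalid-session strategy. It assumes Spring Security 4.1 or later (for HttpStatusEntryPoint and SessionManagementConfigurer.invalidSessionStrategy) and the servlet 3 API; the paths /api/** and /api/admin/** and the role ADMIN are placeholders chosen for the example.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.session.InvalidSessionStrategy;

/**
 * Example configuration (not from the original page) that makes the 401/403
 * distinction explicit instead of relying on a BeanPostProcessor to patch the
 * SessionManagementFilter after the fact.
 */
@Configuration
@EnableWebSecurity
public class StatusCodeSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Placeholder paths and role; adjust to the real application.
                .antMatchers("/api/admin/**").hasRole("ADMIN")
                .antMatchers("/api/**").authenticated()
                .anyRequest().permitAll()
                .and()
            .exceptionHandling()
                // No authenticated principal: answer 401 instead of redirecting
                // to a login page. HttpStatusEntryPoint only sets the status.
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
                // Authenticated, but the authority check failed: 403.
                .accessDeniedHandler((request, response, ex) ->
                        response.sendError(HttpServletResponse.SC_FORBIDDEN))
                .and()
            .sessionManagement()
                // Request presented a session id that is no longer valid
                // (expired or unknown): 401, the case the question is about.
                .invalidSessionStrategy(unauthorizedOnInvalidSession());
    }

    /** Same behaviour as the answer's anonymous class, as a lambda. */
    private InvalidSessionStrategy unauthorizedOnInvalidSession() {
        return (HttpServletRequest request, HttpServletResponse response) ->
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

Two caveats worth checking against the filter sources in the version you deploy. SessionManagementFilter calls the invalid-session strategy only when the request actually carries a requested session id that is not valid; a request with no session cookie at all never reaches it and is handled by the entry point, so both hooks are needed to get 401 consistently. HttpStatusEntryPoint sets the status and nothing else; if your clients expect the WWW-Authenticate header that RFC 7235 associates with 401, write a small custom AuthenticationEntryPoint that adds it.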