add UserAccessDeniedHandler make 404 on 401

src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt

@@ -1,6 +1,7 @@
 package ltd.hlaeja.configuration
 
 import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
+import ltd.hlaeja.security.handler.UserAccessDeniedHandler
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus.FOUND
@@ -17,6 +18,7 @@ class SecurityConfiguration {
     @Bean
     fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
         .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
+        .exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
         .authorizeExchange(::authorizeExchange)
         .formLogin(::formLogin)
         .logout(::logout)

src/main/kotlin/ltd/hlaeja/security/handler/UserAccessDeniedHandler.kt

@@ -0,0 +1,15 @@
+package ltd.hlaeja.security.handler
+
+import org.springframework.http.HttpStatus.NOT_FOUND
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
+import org.springframework.web.server.ResponseStatusException
+import org.springframework.web.server.ServerWebExchange
+import reactor.core.publisher.Mono
+
+class UserAccessDeniedHandler : ServerAccessDeniedHandler {
+    override fun handle(
+        exchange: ServerWebExchange,
+        denied: AccessDeniedException,
+    ): Mono<Void> = Mono.error(ResponseStatusException(NOT_FOUND, "Access denied ${exchange.request.path}", denied))
+}