When a PDF document is protected with a security policy from LiveCycle ES or AEM Forms, it can only be opened by Adobe Reader. Here's what it looks like when you try to open it in another PDF viewer.
Firefox (internally uses PDF.js):
But I have seen secured PDF documents that in other viewers show customised content - e.g. instructions to download and install Adobe Reader. So there must be a way to add unprotected content to protected PDF files, which other PDF viewers will display. How can I do it?
I haven't actually used the functionality that you are describing, but I took a quick look at the ExternalAuthResultDTO API and it has a method public void setAccessDeniedErrorMessage(java.lang.String accessDeniedErrorMessage)  . This looks like it should customise the error message that is returned if the user doesn't get any permissions set.
The method says it sets the error message during the evaluate() method so if you override this method (as you are) I expect you can set your own message to be returned.