From ec1e8d2c025eb3fc369f37b3084caf214b7c13bd Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Fri, 12 Feb 2021 16:48:35 +0100
Subject: [PATCH] [Minor] Using better abort status when validating requests
---
 .../li/strolch/rest/filters/AuthenticationRequestFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
index ec7ceaa29..190750503 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
@@ -237,7 +237,7 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
 if (certificate.getUsage() == Usage.SET_PASSWORD) {
 if (!requestContext.getUriInfo().getMatchedURIs()
 .contains("strolch/privilege/users/" + certificate.getUsername() + "/password")) {
- requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
+ requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
 .header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Can only set password!")
 .build());
 return null;
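Review bot: The rejection branch for a `SET_PASSWORD` certificate aborts and returns null without recording anything in the visible lines, so a password-only certificate presented to other endpoints leaves no trace for detection; a warn-level log entry carrying `certificate.getUsername()` and the requested path just before `return null;` would cover that (the filter's logger is declared outside this hunk). The status change deserves a why-comment above the `abortWith` call, for example `// 403 rather than 401: the certificate is valid but limited to SET_PASSWORD, so re-authenticating would not help`. The scope check in the context lines compares only the matched path, so if anything other than the password update is bound to that path it is allowed for this certificate as well; also comparing `requestContext.getMethod()` would narrow it, should that apply. The enclosing method starts and ends outside the hunk.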