[Fix] Return 403 instead of 401 for StrolchAccessDeniedException

li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulExceptionMapper.java

@@ -1,12 +1,12 @@
 /*
  * Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,6 +24,7 @@ import javax.ws.rs.ext.Provider;
 import java.text.MessageFormat;
 
 import li.strolch.exception.StrolchAccessDeniedException;
+import li.strolch.exception.StrolchNotAuthenticatedException;
 import li.strolch.privilege.model.Restrictable;
 import li.strolch.rest.helper.ResponseUtil;
 import org.slf4j.Logger;
@@ -59,7 +60,12 @@ public class StrolchRestfulExceptionMapper implements ExceptionMapper<Exception>
 				sb.append(restrictable.getPrivilegeValue());
 			}
 
-			return Response.status(Status.UNAUTHORIZED).entity(sb.toString()).type(MediaType.TEXT_PLAIN).build();
+			return Response.status(Status.FORBIDDEN).entity(sb.toString()).type(MediaType.TEXT_PLAIN).build();
+
+		} else if (ex instanceof StrolchNotAuthenticatedException) {
+			StrolchNotAuthenticatedException e = (StrolchNotAuthenticatedException) ex;
+			logger.error("User tried to access resource, but was not authenticated: " + ex.getMessage());
+			return Response.status(Status.UNAUTHORIZED).entity(e.getMessage()).type(MediaType.TEXT_PLAIN).build();
 		}
 
 		return ResponseUtil.toResponse(ex);