@Override public void handleAuthenticationDenied(Request request, Response response, SecurityContextHolder context) throws Throwable { SecuredPath path = context.getSecuredPath(); if(null != path && null != path.getFailureHandler()) { if(path.getFailureHandler().handleAuthenticationDenied(request,response, context)) { return; } } for(SecurityInterceptor si : config.getInterceptors()) { if(State.isIntercepted(si.onAuthenticationDenied(request, response, context))) { return; } } loginManager.promoteLogin(request, response, context.getLoginContext()); if(response.getStatus() < HTTP.SC_MULTIPLE_CHOICES && response.getStatus() >= HTTP.SC_OK){ response.setStatus(HTTP.SC_UNAUTHORIZED); } }