RestRouter.java seems to always reply with 401 Unauthorized when isAllowed(User user, RouteDefinition definition) equals false. According to multiple forums, including Stack Overflow, a 401 should only be used when the user is not authenticated. If the user does not have the required role (@RolesAllowed) for a route, a 403 should be returned because it is used for authorization errors.
Is it possible for me to change 401 to 403 when the user does not have the required role?
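
The 401/403 distinction raised in this issue, as an added Java example that is not part of the original post and not code from RestRouter.java. `AccessDecision`, `User`, `Result` and `decide` are hypothetical names, and a null user is assumed to mean the request carried no valid credentials.

```java
import java.util.Set;

// Added illustration; AccessDecision, User, Result and decide() are hypothetical
// names, not types or methods from RestRouter.java.
public class AccessDecision {

    /** Minimal stand-in for an authenticated principal and its granted roles. */
    record User(String name, Set<String> roles) {}

    /** Outcome of the check: status code plus the challenge header a 401 must carry. */
    record Result(int status, String wwwAuthenticate) {}

    /**
     * @param user         null when the request carried no valid credentials (assumption)
     * @param rolesAllowed roles listed on the route; empty means no role restriction
     */
    static Result decide(User user, Set<String> rolesAllowed) {
        if (rolesAllowed.isEmpty()) {
            return new Result(200, null);              // route is not role-protected
        }
        if (user == null) {
            // Not authenticated: ask the client to authenticate.
            // A 401 response must include a WWW-Authenticate challenge (RFC 9110).
            return new Result(401, "Bearer realm=\"example\"");  // constructed challenge
        }
        for (String role : rolesAllowed) {
            if (user.roles().contains(role)) {
                return new Result(200, null);          // authenticated and authorized
            }
        }
        // Authenticated, but none of the required roles: re-authenticating will not help.
        return new Result(403, null);
    }

    public static void main(String[] args) {
        Set<String> adminOnly = Set.of("admin");
        User alice = new User("alice", Set.of("admin"));   // constructed sample users
        User bob = new User("bob", Set.of("viewer"));

        System.out.println(decide(null, adminOnly));   // anonymous request
        System.out.println(decide(bob, adminOnly));    // authenticated, wrong role
        System.out.println(decide(alice, adminOnly));  // required role present
        System.out.println(decide(bob, Set.of()));     // unrestricted route
    }
}
```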