diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/AuthenticationSuccessEvent.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/AuthenticationSuccessEvent.java
index f8ff3e4b0..467e888bd 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/AuthenticationSuccessEvent.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/AuthenticationSuccessEvent.java
@@ -8,9 +8,6 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 * authentication. The credentials that passed authentication are included
 * within this event, and can be retrieved using getCredentials().
 *
- * Note that this event is only triggered when the UserContext is initially
- created. Any further updates to the UserContext to not trigger this event.
- *
 * @author Michael Jumper
 */
 public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
index 55670d0ed..8aa04b6ed 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
@@ -5,9 +5,9 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 /**
 * An event which is triggered whenever a tunnel is being closed. The tunnel
- being closed can be accessed through getTunnel(), and the set of all
- credentials available from the request which is closing the tunnel can be
- retrieved using getCredentials().
+ being closed can be accessed through getTunnel(), and the UserContext
+ associated with the request which is closing the tunnel can be retrieved
+ with getUserContext().
 *
 * @author Michael Jumper
 */
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
index 5fce47a63..a5f31131e 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
@@ -5,9 +5,10 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 /**
 * An event which is triggered whenever a tunnel is being connected. The tunnel
- being connected can be accessed through getTunnel(), and the set of all
- credentials available from the request which is connecting the tunnel can be
- retrieved using getCredentials().
+ being connected can be accessed through getTunnel(), and the UserContext
+ associated with the request which is connecting the tunnel can be retrieved
+ with getUserContext().
+
 * @author Michael Jumper
 */
diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
index f3405f255..c2109538a 100644
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
@@ -224,32 +224,48 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
 }
 }
- HttpSession httpSession = request.getSession(true);
-
- // Retrieve username and password from parms
- String username = request.getParameter("username");
- String password = request.getParameter("password");
-
- // Build credentials object
- Credentials credentials = new Credentials();
- credentials.setSession(httpSession);
- credentials.setRequest(request);
- credentials.setUsername(username);
- credentials.setPassword(password);
-
 try {
- SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
-
- // If no cached context, attempt to get new context
+ // Obtain context from session
+ HttpSession httpSession = request.getSession(true);
 UserContext context = getUserContext(httpSession);
- if (context == null) {
- context = authProvider.getUserContext(credentials);
+ // If new credentials present, update/create context
+ if (hasNewCredentials(request)) {
+
+ // Retrieve username and password from parms
+ String username = request.getParameter("username");
+ String password = request.getParameter("password");
+
+ // Build credentials object
+ Credentials credentials = new Credentials();
+ credentials.setSession(httpSession);
+ credentials.setRequest(request);
+ credentials.setUsername(username);
+ credentials.setPassword(password);
+
+ SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
+
+ // If no cached context, attempt to get new context
+ if (context == null)
+ context = authProvider.getUserContext(credentials);
+
+ // Otherwise, update existing context
+ else
+ context = authProvider.updateUserContext(context, credentials);
+
+ // If no context, fail authentication, notify listeners
+ if (context == null) {
+ logger.warn("Authentication attempt from {} for user \"{}\" failed.",
+ request.getRemoteAddr(), credentials.getUsername());
+
+ notifyFailed(listeners, credentials);
+ }
+
+ // Otherwise, associate
(possibly updated) context with session
+ // and notify listeners
+ else {
- // If successful, log success and notify listeners
- if (context != null) {
-
 // Log successful authentication
 logger.info("User \"{}\" successfully authenticated from {}.",
 context.self().getUsername(), request.getRemoteAddr());
@@ -259,27 +275,15 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
 context = null;
 }
- } // end if auth success
+ httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
- }
+ }
- // Otherwise, update existing context
- else if (hasNewCredentials(request))
- context = authProvider.updateUserContext(context, credentials);
+ } // end if credentials present
- // If no context, fail authentication, notify listeners
- if (context == null) {
- logger.warn("Authentication attempt from {} for user \"{}\" failed.",
- request.getRemoteAddr(), credentials.getUsername());
-
- notifyFailed(listeners, credentials);
- sendError(response, HttpServletResponse.SC_FORBIDDEN,
- "Permission denied.");
- return;
- }
-
- // Associate (possibly updated) context with session
- httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
+ // If no context, no authorizaton present
+ if (context == null)
+ throw new GuacamoleSecurityException("Not authenticated");
 // Allow servlet to run now that authentication has been validated
 authenticatedService(context, request, response);
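Review bot: The new failure branch at `if (context == null) {` … `notifyFailed(listeners, credentials);` leaves whatever UserContext was already stored under CONTEXT_ATTRIBUTE untouched when `authProvider.updateUserContext(context, credentials)` returns null (a result the old code evidently expected, since it answered it with a 403), so a request carrying bad credentials on an established session is reported to listeners as a failed authentication and is itself rejected, yet the session stays authenticated for the next request because `httpSession.setAttribute(CONTEXT_ATTRIBUTE, context)` is only reached on the success path. The old code behaved the same way, but if a rejected re-authentication is meant to end the session this is the place to add `httpSession.removeAttribute(CONTEXT_ATTRIBUTE);` right after `notifyFailed(listeners, credentials);`, and if the prior session is meant to survive, the comment should say so, e.g. `// If no context, fail authentication, notify listeners (any context already in the session is kept)`. The same branch logs `credentials.getUsername()` exactly as received from the request, so a username containing CR/LF can forge log lines; stripping line breaks before logging would close that. The `try` opened in this hunk and the success path after `logger.info(...)` continue outside it.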
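Review bot: `throw new GuacamoleSecurityException("Not authenticated")` replaces the explicit `sendError(response, HttpServletResponse.SC_FORBIDDEN, "Permission denied.")` plus `return`, so the status an unauthenticated caller now receives is decided by the catch clauses of the enclosing `try`, which lie outside this hunk; confirm that GuacamoleSecurityException is caught there and mapped to 403 rather than falling into a generic handler, otherwise clients relying on the old status break and the reason is lost in the log. The comment on that check, `// If no context, no authorizaton present`, is misspelled and describes the wrong property — the test is for authentication, as the exception message says — so `// If no context, the request is not authenticated` would read correctly. The service method and its catch blocks extend past the end of the hunk.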