From d112a747b66c7616fa041d1d3022fff056ca32be Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 24 Mar 2014 19:49:23 -0700
Subject: [PATCH] GUAC-562: Send 403 for UNAUTHORIZED, even though 401 seems more appropriate. To do otherwise causes problems when HTTP authorize headers are present in the request (see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html).
---
 .../org/glyptodon/guacamole/protocol/GuacamoleStatus.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/guacamole-common/src/main/java/org/glyptodon/guacamole/protocol/GuacamoleStatus.java b/guacamole-common/src/main/java/org/glyptodon/guacamole/protocol/GuacamoleStatus.java
index 7c5276990..2ccefb081 100644
--- a/guacamole-common/src/main/java/org/glyptodon/guacamole/protocol/GuacamoleStatus.java
+++ b/guacamole-common/src/main/java/org/glyptodon/guacamole/protocol/GuacamoleStatus.java
@@ -81,9 +81,11 @@ public enum GuacamoleStatus {

 /**
 * Permission was denied to perform the operation, as the user is not yet
- * authorized (not yet logged in, for example).
+ * authorized (not yet logged in, for example). As HTTP 401 has implications
+ * for HTTP-specific authorization schemes, this status continues to map to
+ * HTTP 403 ("Forbidden"). To do otherwise would risk unintended effects.
 */
- CLIENT_UNAUTHORIZED(401, 1008, 0x0301),
+ CLIENT_UNAUTHORIZED(403, 1008, 0x0301),

 /**
 * Permission was denied to perform the operation, and this operation will
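Review bot: The new Javadoc on CLIENT_UNAUTHORIZED says the status "continues to map to HTTP 403", but the removed line shows it mapped to 401 until this commit, so the wording hides that the value is a deliberate departure; `this status deliberately maps to HTTP 403 ("Forbidden") rather than 401` would read more accurately. "Unintended effects" is also vague, and the comment could name the effect the commit message gives, namely that a 401 causes problems when HTTP authorization headers are present in the request. After this change a not-yet-logged-in request presumably shares its HTTP code with the permanently-denied status documented next (that constant lies outside the hunk), so access-log review and alerting that count 401 responses as authentication failures would have to key on the Guacamole code 0x0301 instead, which deserves a sentence in the Javadoc. The enum body continues outside the hunk.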