From fd4b4610ae1aa71c6f493446c9f864942de373c3 Mon Sep 17 00:00:00 2001
From: Michael Jumper <zhangmaike@users.sourceforge.net>
Date: Sun, 25 Mar 2012 23:09:40 -0700
Subject: [PATCH] Should send "403 - Forbidden" for security exceptions, not
 "401 - Unauthorized".

---
 .../guacamole/servlet/GuacamoleHTTPTunnelServlet.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/guacamole-common/src/main/java/net/sourceforge/guacamole/servlet/GuacamoleHTTPTunnelServlet.java b/guacamole-common/src/main/java/net/sourceforge/guacamole/servlet/GuacamoleHTTPTunnelServlet.java
index 44583e30c..90d91ab60 100644
--- a/guacamole-common/src/main/java/net/sourceforge/guacamole/servlet/GuacamoleHTTPTunnelServlet.java
+++ b/guacamole-common/src/main/java/net/sourceforge/guacamole/servlet/GuacamoleHTTPTunnelServlet.java
@@ -170,7 +170,7 @@ public abstract class GuacamoleHTTPTunnelServlet extends HttpServlet {
         // HTTP response, logging each error appropriately.
         catch (GuacamoleSecurityException e) {
             logger.warn("Authorization failed.", e);
-            sendError(response, HttpServletResponse.SC_UNAUTHORIZED);
+            sendError(response, HttpServletResponse.SC_FORBIDDEN);
         }
         catch (GuacamoleResourceNotFoundException e) {
             logger.debug("Resource not found.", e);