diff --git a/web-rest/src/main/java/li/strolch/rest/StrolchRestfulExceptionMapper.java b/web-rest/src/main/java/li/strolch/rest/StrolchRestfulExceptionMapper.java
index a28d3a790..df0985f75 100644
--- a/web-rest/src/main/java/li/strolch/rest/StrolchRestfulExceptionMapper.java
+++ b/web-rest/src/main/java/li/strolch/rest/StrolchRestfulExceptionMapper.java
@@ -43,14 +43,14 @@ public Response toResponse(Exception ex) {
 		if (ex instanceof NotFoundException)
 			return ResponseUtil.toResponse(Status.NOT_FOUND, ex);
 
-		if (ex instanceof StrolchAccessDeniedException e)
-			return ResponseUtil.toResponse(Status.FORBIDDEN, e.getI18n());
-
 		if (ex instanceof StrolchNotAuthenticatedException e) {
 			logger.error("User tried to access resource, but was not authenticated: " + ex.getMessage());
 			return Response.status(Status.UNAUTHORIZED).entity(e.getMessage()).type(MediaType.TEXT_PLAIN).build();
 		}
 
+		if (ex instanceof StrolchAccessDeniedException e)
+			return ResponseUtil.toResponse(Status.FORBIDDEN, e.getI18n());
+
 		return ResponseUtil.toResponse(ex);
 	}
 }
\ No newline at end of file
diff --git a/web-rest/src/main/java/li/strolch/rest/helper/ResponseUtil.java b/web-rest/src/main/java/li/strolch/rest/helper/ResponseUtil.java
index e3a6a5072..6b4c85771 100644
--- a/web-rest/src/main/java/li/strolch/rest/helper/ResponseUtil.java
+++ b/web-rest/src/main/java/li/strolch/rest/helper/ResponseUtil.java
@@ -1,21 +1,14 @@
 package li.strolch.rest.helper;
 
-import static li.strolch.rest.StrolchRestfulConstants.*;
-import static li.strolch.utils.helper.ExceptionHelper.getExceptionMessageWithCauses;
-import static li.strolch.utils.helper.ExceptionHelper.getRootCause;
-
-import jakarta.ws.rs.core.MediaType;
-import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.Status;
-import java.util.List;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
 import com.google.gson.Gson;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import li.strolch.exception.StrolchElementNotFoundException;
+import li.strolch.exception.StrolchNotAuthenticatedException;
 import li.strolch.exception.StrolchUserMessageException;
 import li.strolch.model.i18n.I18nMessageToJsonVisitor;
 import li.strolch.privilege.base.AccessDeniedException;
@@ -27,6 +20,14 @@
 import li.strolch.utils.collections.Paging;
 import li.strolch.utils.helper.StringHelper;
 
+import java.util.List;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+import static li.strolch.rest.StrolchRestfulConstants.*;
+import static li.strolch.utils.helper.ExceptionHelper.getExceptionMessageWithCauses;
+import static li.strolch.utils.helper.ExceptionHelper.getRootCause;
+
 /**
  * Created by eitch on 29.08.16.
  */
@@ -155,17 +156,17 @@ public static Response toResponse(ServiceResult svcResult) {
 	}
 
 	public static Response toResponse(Throwable t) {
-		if (t instanceof AccessDeniedException) {
+		if (t instanceof StrolchNotAuthenticatedException)
+			return ResponseUtil.toResponse(Status.UNAUTHORIZED, t);
+		if (t instanceof AccessDeniedException)
 			return ResponseUtil.toResponse(Status.FORBIDDEN, t);
-		} else if (t instanceof StrolchElementNotFoundException) {
+		if (t instanceof StrolchElementNotFoundException)
 			return ResponseUtil.toResponse(Status.NOT_FOUND, t);
-		} else if (t instanceof PrivilegeModelException) {
+		if (t instanceof PrivilegeModelException)
 			return ResponseUtil.toResponse(Status.INTERNAL_SERVER_ERROR, t);
-		} else if (t instanceof PrivilegeException) {
-			return ResponseUtil.toResponse(Status.UNAUTHORIZED, t);
-		} else {
-			return toResponse(Status.INTERNAL_SERVER_ERROR, t);
-		}
+		if (t instanceof PrivilegeException)
+			return ResponseUtil.toResponse(Status.FORBIDDEN, t);
+		return toResponse(Status.INTERNAL_SERVER_ERROR, t);
 	}
 
 	public static Response toResponse(Status status, String msg) {
@@ -183,8 +184,8 @@ public static Response toResponse(Status status, Throwable t) {
 			response.add("i18n", ex.getI18n().accept(new I18nMessageToJsonVisitor()));
 		} else {
 			Throwable rootCause = getRootCause(t);
-			if (rootCause instanceof StrolchUserMessageException ex
-					&& ((StrolchUserMessageException) rootCause).hasI18n()) {
+			if (rootCause instanceof StrolchUserMessageException ex &&
+					((StrolchUserMessageException) rootCause).hasI18n()) {
 				response.add("i18n", ex.getI18n().accept(new I18nMessageToJsonVisitor()));
 			}
 		}