=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java 2015-06-05 10:33:56 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/CrudControllerAdvice.java 2015-06-11 02:55:55 +0000
@@ -38,11 +38,13 @@
 import org.hisp.dhis.webapi.controller.exception.NotFoundException;
 import org.hisp.dhis.webapi.service.WebMessageService;
 import org.hisp.dhis.webapi.utils.ContextUtils;
+import org.hisp.dhis.webapi.utils.WebMessageUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -133,6 +135,12 @@
 ContextUtils.conflictResponse( response, ex.getClass().getName() ); //TODO fix message
 }
 
+ @ExceptionHandler( AccessDeniedException.class )
+ public void accessDeniedExceptionHandler( AccessDeniedException ex, HttpServletResponse response, HttpServletRequest request )
+ {
+ webMessageService.send( WebMessageUtils.forbidden( ex.getMessage() ), response, request );
+ }
+
 @ExceptionHandler( WebMessageException.class )
 public void webMessageExceptionHandler( WebMessageException ex, HttpServletResponse response, HttpServletRequest request )
 {
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/utils/WebMessageUtils.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/utils/WebMessageUtils.java 2015-06-08 08:39:47 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/utils/WebMessageUtils.java 2015-06-11 02:55:55 +0000
@@ -132,6 +132,16 @@
 return createWebMessage( message, devMessage, WebMessageStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST );
 }
 
+ public static WebMessage forbidden( String message )
+ {
+ return createWebMessage( message, WebMessageStatus.ERROR, HttpServletResponse.SC_FORBIDDEN );
+ }
+
+ public static WebMessage forbidden( String message, String devMessage )
+ {
+ return createWebMessage( message, WebMessageStatus.ERROR, HttpServletResponse.SC_FORBIDDEN );
+ }
+
 private WebMessageUtils()
 {
 }
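Review bot: `accessDeniedExceptionHandler` copies `ex.getMessage()` straight into the 403 body, so any detail the throwing code put in the exception text (an object id, a required authority name) is disclosed to the caller who was just refused. A fixed client-facing message with the exception logged server-side would avoid that, e.g. `webMessageService.send( WebMessageUtils.forbidden( "Access denied" ), response, request );` (wording constructed here, not taken from the project). Separately, because this advice now catches AccessDeniedException raised during controller invocation, those exceptions presumably no longer reach Spring Security's ExceptionTranslationFilter, so an anonymous caller would get this 403 instead of the configured authentication entry point; that is worth confirming against the security configuration and stating in a comment above the handler.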
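Review bot: The two-argument `forbidden( String message, String devMessage )` in WebMessageUtils never uses `devMessage`; its body is identical to the one-argument overload, so the developer message is silently dropped. The context line at the top of the hunk passes it through for the 400 case, which suggests the intended call is `return createWebMessage( message, devMessage, WebMessageStatus.ERROR, HttpServletResponse.SC_FORBIDDEN );`. If `devMessage` is serialised into the response (not visible here), the Javadoc for this overload should say so, so that callers keep authorisation internals out of it.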