If RoleBased authorization fails the response returned doesn't contain a body text (only the reponse status code is set to 403).
I have following resource:
Exexuting get method on this resource returns Response with status code 403 and empty response.getEntity().
The HTTP specification for 403 code  says:
"... If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead."
The response should either provide and explanation for 403 code or return 404.