The default Oauth2 response for protected endpoint is a HTTP forward (302) to the login page. It is easier for the FE to have a 401 response for protected endpoints (that contains this modification).
Modification requested for CE-3240