SpringMVC Return 401 for Unauthenticated Rest Calls
package com.bmchild.service.user;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.ELRequestMatcher;
import org.springframework.security.web.util.RequestMatcher;
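/**
 * Authentication entry point that answers unauthenticated AJAX/REST calls with
 * HTTP 401 instead of the login-page redirect performed by
 * {@link LoginUrlAuthenticationEntryPoint}.
 *
 * <p>The {@code X-Requested-With} header used to recognise AJAX calls is supplied
 * by the client, so it must only ever select the <em>shape</em> of the refusal
 * (401 versus redirect). Every branch of {@link #commence} still denies access;
 * do not reuse the header check as an authorization signal.
 *
 * @author bchild
 */
public class AjaxAwareLoginUrlAuthenticationEntryPoint extends
        LoginUrlAuthenticationEntryPoint {

    /** Matches requests that carry {@code X-Requested-With: XMLHttpRequest}. */
    private static final RequestMatcher AJAX_REQUEST_MATCHER = new ELRequestMatcher(
            "hasHeader('X-Requested-With','XMLHttpRequest')");

    /**
     * Creates an entry point without a login form URL (delegates to the
     * deprecated superclass constructor).
     */
    @SuppressWarnings("deprecation")
    public AjaxAwareLoginUrlAuthenticationEntryPoint() {
        super();
    }

    /**
     * Creates an entry point that sends non-AJAX callers to the given login form.
     *
     * @param loginFormUrl URL of the login form, passed to the superclass
     */
    public AjaxAwareLoginUrlAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);
    }

    /**
     * Starts the authentication scheme for a request that was rejected as
     * unauthenticated.
     *
     * <ul>
     *   <li>CORS preflight: 204 No Content, no body.</li>
     *   <li>AJAX/REST call: 401 Unauthorized, so client script can react instead
     *       of silently following a redirect to an HTML login page.</li>
     *   <li>Anything else: the superclass login-form handling.</li>
     * </ul>
     *
     * @param request       the request that triggered the authentication failure
     * @param response      the response to write the status to
     * @param authException the exception that caused the invocation
     * @throws IOException      if writing the response fails
     * @throws ServletException if the superclass handling fails
     */
    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response,
            final AuthenticationException authException) throws IOException, ServletException {
        if (isPreflight(request)) {
            // No Access-Control-* response headers are set here; a browser only
            // accepts this preflight if something earlier in the chain (for
            // example a CORS filter) has already added them.
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else if (isRestRequest(request)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
        } else {
            super.commence(request, response, authException);
        }
    }

    /**
     * Checks whether this is a cross-origin (CORS) preflight request.
     *
     * <p>A preflight is an {@code OPTIONS} request that carries both an
     * {@code Origin} and an {@code Access-Control-Request-Method} header. Testing
     * the method alone would hand a 204 to every unauthenticated {@code OPTIONS}
     * request, including ones that are not preflights at all.
     *
     * @param request the incoming request
     * @return {@code true} only for a well-formed CORS preflight
     */
    private boolean isPreflight(HttpServletRequest request) {
        return "OPTIONS".equals(request.getMethod())
                && request.getHeader("Origin") != null
                && request.getHeader("Access-Control-Request-Method") != null;
    }

    /**
     * Checks whether the request was made by script (AJAX/REST) rather than by
     * browser navigation, based on the client-supplied {@code X-Requested-With}
     * header.
     *
     * @param request the incoming request
     * @return {@code true} if the header equals {@code XMLHttpRequest}
     */
    protected boolean isRestRequest(HttpServletRequest request) {
        return AJAX_REQUEST_MATCHER.matches(request);
    }
}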
<!-- Spring Security namespace configuration (3.1 schema): form login for browsers, with the custom AJAX-aware entry point deciding how unauthenticated requests are refused. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Turns on method-level checks via @PreAuthorize/@PostAuthorize and @Secured. -->
<security:global-method-security pre-post-annotations="enabled" secured-annotations="enabled"/>
<!-- disable-url-rewriting keeps the session id out of URLs. entry-point-ref sends every unauthenticated access to the bean declared at the bottom of this file. -->
<!-- NOTE(review): nothing in this file configures CSRF protection or CORS response headers; if the REST endpoints are called cross-origin or change state, confirm both are handled elsewhere. -->
<security:http disable-url-rewriting="true" use-expressions="true"
entry-point-ref="ajaxAwareLoginUrlAuthenticationEntryPoint">
<security:form-login
authentication-failure-url="/login?error=1"
login-processing-url="/login/submit"/>
<security:logout logout-url="/logout" logout-success-url="/login"/>
<!-- intercept-url rules are evaluated in declaration order and the first match wins: keep the public patterns above the catch-all, and keep the catch-all last so any new URL is protected by default. -->
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/css/**" access="permitAll" />
<security:intercept-url pattern="/images/**" access="permitAll" />
<security:intercept-url pattern="/js/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
<!-- erase-credentials clears the credentials from the Authentication object once authentication has succeeded. -->
<security:authentication-manager erase-credentials="true" alias="authenticationManager" >
<security:authentication-provider user-service-ref="customUserDetailsService">
<!-- NOTE(review): the passwordEncoder and customUserDetailsService beans are defined outside this file; confirm the encoder is a salted, adaptive hash (for example bcrypt) rather than a bare digest, and that base64 matches how stored hashes are encoded. -->
<security:password-encoder ref="passwordEncoder" base64="true"/>
</security:authentication-provider>
</security:authentication-manager>
<!-- Custom entry point: the constructor argument is the login form URL used for ordinary (non-AJAX) browser requests. -->
<bean id="ajaxAwareLoginUrlAuthenticationEntryPoint" class="com.bmchild.service.user.AjaxAwareLoginUrlAuthenticationEntryPoint">
<constructor-arg value="/login" />
</bean>
</beans>