fix wrong status codes with enabled anonymous access

scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java

@@ -180,7 +180,7 @@ public class BasicAuthenticationFilter extends HttpFilter
         logger.trace("could not find user send unauthorized");
       }
 
-      HttpUtil.sendUnauthorized(request, response);
+      handleUnauthorized(request, response, chain);
     }
     else
     {

scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java

@@ -115,6 +115,10 @@ public class SecurityFilter extends HttpFilter
       {
         response.sendError(HttpServletResponse.SC_FORBIDDEN);
       }
+      else if (configuration.isAnonymousAccessEnabled())
+      {
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+      }
       else
       {
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED);