return unauthorized instead of forbidden when session is required

wizard-server/src/main/java/org/cobbzilla/wizard/resources/ResourceUtil.java

@@ -210,7 +210,7 @@ public class ResourceUtil {
             log.debug("userPrincipal: "+e);
             user = null;
         }
-        if (required && user == null) throw forbiddenEx();
+        if (required && user == null) throw unauthorizedEx();
         return user;
     }