When a request enters the controller, and the isRouteAllowed() method of the current SecurityProvider implementation denies the request, we want to be able to return a response code instead of redirecting the request to a view.

This would be done by having AeroGear-Controller listen for CDI events of something like HttpErrorStatusEvent, and in that case respond with the information in the generated event (status and message).