@Override
public final Resource findTarget(Request request, Response response) {
GeoServerSecurityManager secMgr = scriptMgr.getSecurityManager();
// ensure user authenticated
if (!secMgr.checkAuthenticationForAdminRole()) {
response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
return null;
}
// extra step of requiring that teh admin password has been changed