diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index 69c899b8b9de71c2b747038d55141b6881d92581..f6a82a57133ff56f77471157c65a130c7cb3cc9b 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -17,6 +17,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.*;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
@@ -39,6 +40,8 @@ import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
@@ -59,8 +62,6 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-//newlyadded for logout
-
 // See https://spring.io/guides/tutorials/spring-boot-oauth2/ for reference about configuring OAuth2 login
 // also http://cscarioni.blogspot.ch/2013/04/pro-spring-security-and-oauth-2.html
@@ -110,9 +111,14 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
 private String revokeTokenURI;
+ @ControllerAdvice
+ class AccessDeniedExceptionHandler {
-// @Autowired
-// private HttpServletRequest request;
+ @ExceptionHandler(value = AccessDeniedException.class)
+ public void handleConflict(HttpServletResponse response) throws IOException {
+ response.sendError(403, "Access is denied. Please contact the system administrator to request access.");
+ }
+ }
 @Override
 protected void configure(HttpSecurity http) throws Exception {
diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index 0c027d4978eab28fdd61633a8b68c320598c50ec..262b6512f6d22428979bbb98b8c6b428a6b1e5ea 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -64,7 +64,7 @@ public class ExperimentApi {
 @Value("#{'${services.workflows.workflowUrl}'}")
 private String workflowUrl;
- @Value("#{'${services.workflows.jwtSecret}'}")
+ @Value("#{'${services.workflows.jwtSecret}'}")Α
 private String jwtSecret;
 @Value("#{'${services.galaxy.galaxyUrl}'}")
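Review bot: The added `AccessDeniedExceptionHandler` turns every `AccessDeniedException` thrown from controller code into a 403 inside the dispatcher, so the exception never reaches Spring Security's `ExceptionTranslationFilter`; an unauthenticated caller who would otherwise be sent to the authentication entry point now gets "Access is denied", and any `AccessDeniedHandler` set up in `configure(HttpSecurity)` is skipped for those requests. Whether that is intended depends on configuration outside this hunk (the body of `configure` continues past it), so it is worth confirming with an anonymous request. The handler also drops the denial silently; logging the request path and principal before `sendError` would keep the event visible to monitoring. Smaller points: `handleConflict` is a misleading name for a 403 handler, `403` reads better as `HttpServletResponse.SC_FORBIDDEN`, and the nested class could be `static class AccessDeniedExceptionHandler {` since it uses nothing from the enclosing instance.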
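Review bot: The only change in the `ExperimentApi` hunk appends a stray `Α` after the `@Value("#{'${services.workflows.jwtSecret}'}")` annotation on the `jwtSecret` field, which looks like an accidental keystroke (possibly a non-ASCII look-alike of `A`) and would most likely break compilation, because an identifier would then sit between the annotation and `private`. The line should be restored to `@Value("#{'${services.workflows.jwtSecret}'}")`. The class body starts before and continues after the hunk, so nothing else about how `jwtSecret` is used can be judged from here.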