diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java
index 22f0de0..5deb8b6 100644
--- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java
+++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/java/rest/BookmarkREST.java
@@ -49,7 +49,7 @@ public class BookmarkREST {
 	@GET
 	@Path("{id}")
 	@Produces("application/json")
-	public Bookmark load(@PathParam("id") Long id) {
+	public Bookmark load(@PathParam("id") Long id) throws Exception {
 		Bookmark result = bc.load(id);
 
 		if (result == null) {
@@ -65,7 +65,7 @@ public class BookmarkREST {
 	@ValidatePayload
 	@Produces("application/json")
 	@Consumes("application/json")
-	public Response insert(Bookmark entity, @Context UriInfo uriInfo) {
+	public Response insert(Bookmark entity, @Context UriInfo uriInfo) throws Exception {
 		checkId(entity);
 
 		String id = bc.insert(entity).getId().toString();
@@ -81,7 +81,7 @@ public class BookmarkREST {
 	@ValidatePayload
 	@Produces("application/json")
 	@Consumes("application/json")
-	public void update(@PathParam("id") Long id, Bookmark entity) {
+	public void update(@PathParam("id") Long id, Bookmark entity) throws Exception {
 		checkId(entity);
 		load(id);
 
@@ -93,7 +93,7 @@ public class BookmarkREST {
 	@LoggedIn
 	@Path("{id}")
 	@Transactional
-	public void delete(@PathParam("id") Long id) {
+	public void delete(@PathParam("id") Long id) throws Exception {
 		load(id);
 		bc.delete(id);
 	}
@@ -101,11 +101,11 @@ public class BookmarkREST {
 	@DELETE
 	@LoggedIn
 	@Transactional
-	public void delete(List<Long> ids) {
+	public void delete(List<Long> ids) throws Exception {
 		bc.delete(ids);
 	}
 
-	private void checkId(Bookmark entity) {
+	private void checkId(Bookmark entity) throws Exception {
 		if (entity.getId() != null) {
 			throw new BadRequestException();
 		}
diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/bookmark-edit.js b/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/bookmark-edit.js
index 1e3d0c7..3db9695 100644
--- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/bookmark-edit.js
+++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/bookmark-edit.js
@@ -68,7 +68,7 @@ function saveOk(data) {
 
 function saveFailed(request) {
 	switch (request.status) {
-		case 412:
+		case 422:
 			$($("form input").get().reverse()).each(function() {
 				var id = $(this).attr('id');
 				var message = null;
diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/login.js b/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/login.js
index 8d46ca2..a3bdbc6 100644
--- a/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/login.js
+++ b/archetype/html-rest/src/main/resources/archetype-resources/src/main/webapp/js/controller/login.js
@@ -3,14 +3,14 @@ $(function() {
 
 	$("form").submit(function(event) {
 		event.preventDefault();
-		
+
 		$("[id$='-message']").hide();
-		
+
 		var form = {
 			'username' : $("#username").val().trim(),
 			'password' : $("#password").val().trim()
 		};
-		
+
 		AuthProxy.login(form).done(loginOk).fail(loginFail);
 	});
 });
@@ -32,7 +32,7 @@ function loginFail(request) {
 			$("#global-message").html("Usuário ou senha inválidos.").show();
 			break;
 
-		case 412:
+		case 422:
 			$($("form input").get().reverse()).each(function() {
 				var id = $(this).attr('id');
 				var message = null;
@@ -54,4 +54,4 @@ function loginFail(request) {
 			});
 			break;
 	}
-}
\ No newline at end of file
+}
diff --git a/archetype/html-rest/src/main/resources/archetype-resources/src/test/java/rest/BookmarkRESTTest.java b/archetype/html-rest/src/main/resources/archetype-resources/src/test/java/rest/BookmarkRESTTest.java
index 87fc078..28612bd 100644
--- a/archetype/html-rest/src/main/resources/archetype-resources/src/test/java/rest/BookmarkRESTTest.java
+++ b/archetype/html-rest/src/main/resources/archetype-resources/src/test/java/rest/BookmarkRESTTest.java
@@ -35,7 +35,8 @@ import org.junit.Before;
 import org.junit.Test;
 
 import ${package}.entity.Bookmark;
-import br.gov.frameworkdemoiselle.PreconditionFailedException;
+import br.gov.frameworkdemoiselle.HttpViolationException;
+import br.gov.frameworkdemoiselle.UnprocessableEntityException;
 
 public class BookmarkRESTTest {
 
@@ -169,8 +170,8 @@ public class BookmarkRESTTest {
 		HttpPost request;
 		CloseableHttpResponse response;
 		Bookmark bookmark;
-		Set<PreconditionFailedException.Violation> violations;
-		PreconditionFailedException expected;
+		Set<UnprocessableEntityException.Violation> violations;
+		HttpViolationException expected;
 
 		bookmark = new Bookmark();
 		bookmark.setDescription("Google");
@@ -191,9 +192,9 @@ public class BookmarkRESTTest {
 		response.close();
 		assertEquals(SC_PRECONDITION_FAILED, response.getStatusLine().getStatusCode());
 		violations = mapper.readValue(response.getEntity().getContent(),
-				new TypeReference<Set<PreconditionFailedException.Violation>>() {
+				new TypeReference<Set<UnprocessableEntityException.Violation>>() {
 				});
-		expected = new PreconditionFailedException();
+		expected = new UnprocessableEntityException();
 		expected.addViolation("description", "não pode ser nulo");
 		expected.addViolation("link", "não pode ser nulo");
 		assertEquals(expected.getViolations(), violations);
@@ -209,9 +210,9 @@ public class BookmarkRESTTest {
 		response.close();
 		assertEquals(SC_PRECONDITION_FAILED, response.getStatusLine().getStatusCode());
 		violations = mapper.readValue(response.getEntity().getContent(),
-				new TypeReference<Set<PreconditionFailedException.Violation>>() {
+				new TypeReference<Set<UnprocessableEntityException.Violation>>() {
 				});
-		expected = new PreconditionFailedException().addViolation("link", "formato inválido");
+		expected = new UnprocessableEntityException().addViolation("link", "formato inválido");
 		assertEquals(expected.getViolations(), violations);
 
 		bookmark = new Bookmark();
@@ -266,8 +267,8 @@ public class BookmarkRESTTest {
 		response.close();
 		Long id = parseEntity(response.getEntity(), Long.class);
 		Bookmark bookmark;
-		Set<PreconditionFailedException.Violation> violations;
-		PreconditionFailedException expected;
+		Set<UnprocessableEntityException.Violation> violations;
+		HttpViolationException expected;
 
 		bookmark = new Bookmark();
 		bookmark.setDescription("Google");
@@ -288,9 +289,9 @@ public class BookmarkRESTTest {
 		response.close();
 		assertEquals(SC_PRECONDITION_FAILED, response.getStatusLine().getStatusCode());
 		violations = mapper.readValue(response.getEntity().getContent(),
-				new TypeReference<Set<PreconditionFailedException.Violation>>() {
+				new TypeReference<Set<UnprocessableEntityException.Violation>>() {
 				});
-		expected = new PreconditionFailedException();
+		expected = new UnprocessableEntityException();
 		expected.addViolation("description", "não pode ser nulo");
 		expected.addViolation("link", "não pode ser nulo");
 		assertEquals(expected.getViolations(), violations);
@@ -306,9 +307,9 @@ public class BookmarkRESTTest {
 		response.close();
 		assertEquals(SC_PRECONDITION_FAILED, response.getStatusLine().getStatusCode());
 		violations = mapper.readValue(response.getEntity().getContent(),
-				new TypeReference<Set<PreconditionFailedException.Violation>>() {
+				new TypeReference<Set<UnprocessableEntityException.Violation>>() {
 				});
-		expected = new PreconditionFailedException().addViolation("link", "formato inválido");
+		expected = new UnprocessableEntityException().addViolation("link", "formato inválido");
 		assertEquals(expected.getViolations(), violations);
 
 		bookmark = new Bookmark();
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/ForbiddenException.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/ForbiddenException.java
index 427829c..628fe5a 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/ForbiddenException.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/ForbiddenException.java
@@ -2,9 +2,7 @@ package br.gov.frameworkdemoiselle;
 
 import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 
-import javax.xml.ws.http.HTTPException;
-
-public class ForbiddenException extends HTTPException {
+public class ForbiddenException extends HttpViolationException {
 
 	private static final long serialVersionUID = 1L;
 
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/NotFoundException.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/NotFoundException.java
index 167ec15..3656675 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/NotFoundException.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/NotFoundException.java
@@ -2,9 +2,7 @@ package br.gov.frameworkdemoiselle;
 
 import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
 
-import javax.xml.ws.http.HTTPException;
-
-public class NotFoundException extends HTTPException {
+public class NotFoundException extends HttpViolationException {
 
 	private static final long serialVersionUID = 1L;
 
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/ConstraintViolationExceptionMapper.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/ConstraintViolationExceptionMapper.java
index b87942d..b975178 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/ConstraintViolationExceptionMapper.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/ConstraintViolationExceptionMapper.java
@@ -1,7 +1,5 @@
 package br.gov.frameworkdemoiselle.internal.implementation;
 
-import static javax.ws.rs.core.Response.Status.PRECONDITION_FAILED;
-
 import java.util.Iterator;
 
 import javax.validation.ConstraintViolation;
@@ -24,6 +22,7 @@ public class ConstraintViolationExceptionMapper implements ExceptionMapper<Const
 			failed.addViolation(violation.getPropertyPath().toString(), violation.getMessage());
 		}
 
-		return Response.status(PRECONDITION_FAILED).entity(failed.getViolations()).build();
+		int status = new UnprocessableEntityException().getStatusCode();
+		return Response.status(status).entity(failed.getViolations()).build();
 	}
 }
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HTTPExceptionMapper.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HTTPExceptionMapper.java
deleted file mode 100644
index 6383971..0000000
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HTTPExceptionMapper.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package br.gov.frameworkdemoiselle.internal.implementation;
-
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
-import javax.xml.ws.http.HTTPException;
-
-@Provider
-public class HTTPExceptionMapper implements ExceptionMapper<HTTPException> {
-
-	@Override
-	public Response toResponse(HTTPException exception) {
-		return Response.status(exception.getStatusCode()).build();
-	}
-}
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpViolationExceptionMapper.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpViolationExceptionMapper.java
index 49e5aab..4505700 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpViolationExceptionMapper.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpViolationExceptionMapper.java
@@ -1,16 +1,22 @@
 package br.gov.frameworkdemoiselle.internal.implementation;
 
+import java.util.Set;
+
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;
 
 import br.gov.frameworkdemoiselle.HttpViolationException;
+import br.gov.frameworkdemoiselle.HttpViolationException.Violation;
 
 @Provider
 public class HttpViolationExceptionMapper implements ExceptionMapper<HttpViolationException> {
 
 	@Override
 	public Response toResponse(HttpViolationException exception) {
-		return Response.status(exception.getStatusCode()).entity(exception.getViolations()).build();
+		Set<Violation> violations = exception.getViolations();
+		violations = violations.isEmpty() ? null : violations;
+
+		return Response.status(exception.getStatusCode()).entity(violations).build();
 	}
 }
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/AbstractHTTPAuthorizationFilter.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/AbstractHTTPAuthorizationFilter.java
index a73a452..f523af3 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/AbstractHTTPAuthorizationFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/AbstractHTTPAuthorizationFilter.java
@@ -51,9 +51,6 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
-import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
-import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
 import br.gov.frameworkdemoiselle.util.Strings;
 
@@ -70,7 +67,11 @@ public abstract class AbstractHTTPAuthorizationFilter implements Filter {
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
 			ServletException {
-		if (request instanceof HttpServletRequest && isSupported(getAuthHeader((HttpServletRequest) request))) {
+		
+		RESTSecurityConfig config = Beans.getReference(RESTSecurityConfig.class);
+		
+		if (request instanceof HttpServletRequest && isActive(config)
+				&& isSupported(getAuthHeader((HttpServletRequest) request))) {
 			try {
 				performLogin((HttpServletRequest) request);
 				chain.doFilter((HttpServletRequest) request, (HttpServletResponse) response);
@@ -92,6 +93,8 @@ public abstract class AbstractHTTPAuthorizationFilter implements Filter {
 
 	protected abstract boolean isSupported(String authHeader);
 
+	protected abstract boolean isActive(RESTSecurityConfig config);
+
 	protected abstract void prepareForLogin();
 
 	private void performLogin(HttpServletRequest request) {
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
index 556761e..417395c 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
@@ -52,6 +52,11 @@ public class BasicAuthFilter extends AbstractHTTPAuthorizationFilter {
 	}
 
 	@Override
+	protected boolean isActive(RESTSecurityConfig config) {
+		return config.isBasicFilterActive();
+	}
+
+	@Override
 	protected void prepareForLogin() {
 		String[] basicCredentials = getCredentials(credentials);
 
diff --git a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthFilter.java b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthFilter.java
index f67add7..8b6c35e 100644
--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/TokenAuthFilter.java
@@ -49,6 +49,11 @@ public class TokenAuthFilter extends AbstractHTTPAuthorizationFilter {
 	}
 
 	@Override
+	protected boolean isActive(RESTSecurityConfig config) {
+		return config.isTokenFilterActive();
+	}
+
+	@Override
 	protected void prepareForLogin() {
 		Beans.getReference(Token.class).setValue(token);
 	}
--
libgit2 0.21.2