diff --git a/core/src/main/java/hudson/Functions.java b/core/src/main/java/hudson/Functions.java
index e1dd185e4e52db8d95549c275f8543047f5938ac..42e4b8f5511094a44589d5107c7743337e332f91 100644
--- a/core/src/main/java/hudson/Functions.java
+++ b/core/src/main/java/hudson/Functions.java
@@ -383,7 +383,9 @@ public class Functions {
 
     public static void adminCheck(StaplerRequest req, StaplerResponse rsp, Object required) throws IOException, ServletException {
         if(required!=null && !Hudson.adminCheck(req,rsp)) {
-            // check failed
+            // check failed. commit the FORBIDDEN response, then abort.
+            rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            rsp.getOutputStream().close();
             throw new ServletException("Unauthorized access");
         }
     }