secure admin needs to be enabled to allow user to use the Admin Console remotely.
The enforcement is checked in since in r49138 trunk, r49145 branch.
However, when access is denied, console always shows login error. Without differentiating whether it is login error or access denied.
we should be able to distinguish the response by calling restResp.getResponseCode(). If it is 401, need to display a login page. If it is 403, let user know that remote access is denied.