diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
index ad3284814..cdc541c22 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -233,6 +233,8 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 }
 catch (UnauthorizedException ue2)
 {
+ s.setMessage("You are not authorized to perform this function");
+
 // Update lesson status if necessary.
 String stage = getStage(s);
 if (STAGE2.equals(stage))
@@ -273,7 +275,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 }
 }
- s.setMessage("You are not authorized to perform this function");
 System.out.println("Authorization failure");
 setCurrentAction(s, ERROR_ACTION);
 ue2.printStackTrace();
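Review bot: The relocated `s.setMessage("You are not authorized to perform this function");` at the top of the `catch (UnauthorizedException ue2)` block carries no comment saying why it must now run before the stage-status logic, so a later tidy-up could move it back to the end. I would add a line above it such as `// Set the denial message before the stage checks below; keep this ordering.`, with the wording adjusted to the real reason. I cannot confirm that reason from here, because most of the catch body lies outside both hunks. Separately, the tail of the same block (second hunk) records the denial only through `System.out.println("Authorization failure")` and `ue2.printStackTrace()`. Logging the user and the requested action through the application's logger would make these access-control denials usable for monitoring.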