My reading of the code here is that there is no configuration to have a CAS-authorized resource return an HTTP 401 rather than a 302 when there's no valid session; this presents an issue for some long-running web front-ends after activity timeouts (fetched JSON or other assets start returning an ambiguous 302), so I want to check with the authoritative source.