diff --git a/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java b/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
index 52a022ad..c256d5f7 100644
--- a/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
+++ b/role-based-access-control/src/main/java/org/owasp/webgoat/plugin/rollbased/RoleBasedAccessControl.java
@@ -200,6 +200,11 @@ public void handleRequest(WebSession s) {
 // Here is where dispatching to the various action handlers happens.
 // It would be a good place verify authorization to use an action.
+ public void handleRequest(WebSession s) {
+If(!isAuthorized(s, userId, requestedActionname){
+throw new UnauthorizedException();
+}
+}
 // System.out.println("RoleBasedAccessControl.handleRequest()");
 if (s.getLessonSession(this) == null) {