diff --git a/src/main/java/caosdb/server/resource/AbstractCaosDBServerResource.java b/src/main/java/caosdb/server/resource/AbstractCaosDBServerResource.java
index ea4e65f0a60d72cb5da6cb03b2cec44848dbc3c6..41a2f68170cd3d0b5f658c07b5bfcc4ceba84801 100644
--- a/src/main/java/caosdb/server/resource/AbstractCaosDBServerResource.java
+++ b/src/main/java/caosdb/server/resource/AbstractCaosDBServerResource.java
@@ -408,12 +408,8 @@ public abstract class AbstractCaosDBServerResource extends ServerResource {
     try {
       getRequest().getAttributes().put("THROWN", t);
       throw t;
-    } catch (final AuthenticationException e) {
-      getResponse().setStatus(Status.CLIENT_ERROR_FORBIDDEN);
-      return null;
-    } catch (final AuthorizationException e) {
-      getResponse().setStatus(Status.CLIENT_ERROR_FORBIDDEN);
-      return null;
+    } catch (final AuthenticationException | AuthorizationException e) {
+      return error(ServerMessages.NOT_PERMITTED, Status.CLIENT_ERROR_FORBIDDEN);
     } catch (final Message m) {
       return error(m, Status.CLIENT_ERROR_BAD_REQUEST);
     } catch (final FileUploadException e) {
diff --git a/src/main/java/caosdb/server/resource/FileSystemResource.java b/src/main/java/caosdb/server/resource/FileSystemResource.java
index a910e2dde8a4e385c9905a777eb41fa23bf225af..37f0e9ffda3f81b84c6001c5521ba5c8451b473e 100644
--- a/src/main/java/caosdb/server/resource/FileSystemResource.java
+++ b/src/main/java/caosdb/server/resource/FileSystemResource.java
@@ -59,6 +59,11 @@ import org.restlet.representation.Representation;
  */
 public class FileSystemResource extends AbstractCaosDBServerResource {
 
+  public static Message ORPHANED_FILE_WARNING =
+      new Message(
+          MessageType.Warning,
+          "Orphaned file. The file is not tracked. This is probably a harmless inconsistency but it might be a sign of other problems.");
+
   /**
    * Download a File from the CaosDBFileSystem. Only one File per Request.
    *
@@ -127,6 +132,13 @@ public class FileSystemResource extends AbstractCaosDBServerResource {
 
     } else {
 
+      try {
+        getEntity(specifier).checkPermission(EntityPermission.RETRIEVE_FILE);
+      } catch (EntityDoesNotExistException exception) {
+        // This file in the file system has no corresponding File record.
+        return error(ServerMessages.NOT_PERMITTED, Status.CLIENT_ERROR_FORBIDDEN);
+      }
+
       final MediaType mt = MediaType.valueOf(FileUtils.getMimeType(file));
       final FileRepresentation ret = new FileRepresentation(file, mt);
       ret.setDisposition(new Disposition(Disposition.TYPE_ATTACHMENT));
@@ -160,29 +172,31 @@ public class FileSystemResource extends AbstractCaosDBServerResource {
    */
   Element getFileElement(final String directory, final File file) throws Exception {
     final Element celem = new Element("file");
+    celem.setAttribute("name", file.getName());
 
-    final String entId =
-        getEntityID((directory.endsWith("/") ? directory : directory + "/") + file.getName());
-    if (entId == null) {
-      new Message(
-              MessageType.Warning,
-              "Orphaned file. The file is not tracked. This is probably a harmless inconsistency but it might be a sign of other problems.")
-          .addToElement(celem);
-    } else {
+    try {
+      final String entId =
+          getEntityID((directory.endsWith("/") ? directory : directory + "/") + file.getName());
       celem.setAttribute("id", entId);
+    } catch (EntityDoesNotExistException exception) {
+      // This file in the file system has no corresponding File record.
+      ORPHANED_FILE_WARNING.addToElement(celem);
     }
-    celem.setAttribute("name", file.getName());
     return celem;
   }
 
   protected String getEntityID(final String path) throws Exception {
     final Entity fileEnt = getEntity(path);
-    if (fileEnt == null) {
-      return null;
-    }
     return fileEnt.getId().toString();
   }
 
+  /**
+   * Throws EntityDoesNotExistException when there is not entity with that path.
+   *
+   * @param path
+   * @return
+   * @throws Exception
+   */
   private Entity getEntity(final String path) throws Exception {
     final long t1 = System.currentTimeMillis();
     final TransactionContainer c = new TransactionContainer();
@@ -191,12 +205,7 @@ public class FileSystemResource extends AbstractCaosDBServerResource {
     e.setFileProperties(fp);
     c.add(e);
     final Transaction<?> t = new RetrieveSparseEntityByPath(c);
-    try {
-      t.execute();
-    } catch (EntityDoesNotExistException exception) {
-      // This file in the file system has no corresponding File record.
-      return null;
-    }
+    t.execute();
     final long t2 = System.currentTimeMillis();
     getBenchmark().addMeasurement(this.getClass().getSimpleName() + ".getEntity", t2 - t1);
     return e;
@@ -204,19 +213,9 @@ public class FileSystemResource extends AbstractCaosDBServerResource {
 
   protected File getFile(final String path) throws Exception {
     final File ret = getFromFileSystem(path);
-    if (ret != null && ret.isFile()) {
-      checkPermissions(path);
-    }
     return ret;
   }
 
-  private final void checkPermissions(final String path) throws Exception {
-    final long t1 = System.currentTimeMillis();
-    getEntity(path).checkPermission(EntityPermission.RETRIEVE_FILE);
-    final long t2 = System.currentTimeMillis();
-    getBenchmark().addMeasurement(this.getClass().getSimpleName() + ".checkPermissions", t2 - t1);
-  }
-
   @Override
   protected Representation httpPostInChildClass(final Representation entity)
       throws ConnectionException, JDOMException {