add a switch to turn on / off arbac02 checks.
diff --git a/src/main/java/org/apache/directory/fortress/rest/SecUtils.java b/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
index 6c69925..3172ba6 100644
--- a/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
+++ b/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
@@ -59,7 +59,7 @@
*
* @param fortRequest Used to carry the session and other data.
* @param httpRequest Used to get the security principal.
- * @return Response containing the RBAC session object.
+ * @return Response containing the RBAC session object if found or error, otherwise (not arbac02 not enabled) return NULL value.
*/
static FortResponse initializeSession(FortRequest fortRequest, HttpServletRequest httpRequest)
{