BTW, to respond fully to your question:
> But am not able to override error exceptions like (401 auth required)?
At first, place near begining of your policy:
You can later on define error.code, error.content-type and error.msg, to dynamically send back reponse code.
For the 401, I'm guessing you're trying to find out if authentication succeded after a "Route via HTTPS" assertion.
By default, "Route via HTTPS" will fail if error code >= 400.
One way is to explicitely tell this assertion to "never fail", then add some policy logic to parse ${httpRouting.reasonCode}.
Or you can live with "fail if >=400" but then modify policy logic to trap error, including special treat for "special errors" from -1 to -6. Then ultimately you can turn this error handling into a nice encapsulated assertion
Didn't tested the following code, I've quickly copied/pasted some of our own routing error handler (and seems if special errors doesn't triggers, it won't parse rest.... well you've got the overall idea).
In fact our real Special error handling is an encap assertion: