Yes, you have to return non-401 response, since you cannot change the browser behaviour in that the browser will always display the popup.
see also How to prevent browser to invoke basic auth popup and handle 401 error using Jquery?
you change the response by modifying/overriding the DigestAuthenticator and setting a different response, or use a filter that will detect a 401 and switch it to another status.