httpResponse.setHeader("WWW-Authenticate", CHALLENGE);
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
} else {
// check user access for request
if (user.canAdmin() || canAccess(model, user, urlRequestType)) {
// authenticated request permitted.
// pass processing to the restricted servlet.
newSession(authenticatedRequest, httpResponse);
logger.info(MessageFormat.format("ARF: {0} ({1}) authenticated", fullUrl,
HttpServletResponse.SC_CONTINUE));