boolean rvalue = false;
boolean isMandatory = true;
try {
WebSecurityManager webSecMgr = getWebSecurityManager(true);
isMandatory = !webSecMgr.permitAll(req);
//Issue - 9578 - produce user challenge if call originates from HttpRequest.authenticate
if (isMandatory || calledFromAuthenticate) {
messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
Boolean.TRUE.toString());
}