Bad implementation of AuthStaticFileHandler leads to false positive

For some reason wagon 2.0 ignores the return code and since the original AuthStaticFileHandler would return the static file regardless the test would pass. Switching back to wagon 1.0-beta-7 (which comes with Maven 3.0.3) exposes this problem as it does abide the return code.

Given http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2 it is clear that the handler is implementing authentication incorrectly since it must include a WWW-Authenticate header field in the response.