@VisibleForTesting
  static int handleMarkingDocumentSecurity(
      HttpServletRequest req, HttpServletResponse res, Document metadata) throws IOException {
    if (req.getHeader("Authorization") != null) {
      // GSA logged in; it is aware of the access restrictions on the document.
      return HttpServletResponse.SC_OK;
    }

    if (metadata == null) {
      return HttpServletResponse.SC_SERVICE_UNAVAILABLE;
    }

    ValueImpl isPublicVal;
    try {
      isPublicVal = (ValueImpl) Value.getSingleValue(metadata, SpiConstants.PROPNAME_ISPUBLIC);
    } catch (RepositoryException ex) {
      LOGGER.log(Level.WARNING, "Failed retrieving isPublic property", ex);
      return HttpServletResponse.SC_SERVICE_UNAVAILABLE;
    }
    boolean isPublic = isPublicVal == null || isPublicVal.toBoolean();

    if (isSecurityHeaderSupported()) {
      res.setHeader("X-Gsa-Serve-Security", isPublic ? "public" : "secure");
      return HttpServletResponse.SC_OK;
    } else {
      if (isPublic) {
        return HttpServletResponse.SC_OK;
      } else {
        res.setHeader("WWW-Authenticate", "Basic realm=\"Retriever\"");
        return HttpServletResponse.SC_UNAUTHORIZED;
      }
    }
  }
 /** Adds one Property's values to the metadata header under contruction. */
 private static void encodeOneProperty(StringBuilder sb, String name, Property property)
     throws RepositoryException {
   ValueImpl value;
   while ((value = (ValueImpl) property.nextValue()) != null) {
     LOGGER.log(Level.FINEST, "PROPERTY: {0} = \"{1}\"", new Object[] {name, value.toString()});
     String valString = value.toFeedXml();
     if (!Strings.isNullOrEmpty(valString)) {
       ServletUtil.percentEncode(sb, name, valString);
       sb.append(',');
     }
   }
 }