Returns an authentication failure response, which defaults to a
plain text "access denied" response.  :status and :body can be
overriden via keys in denied-response, and :headers from
denied-response are merged into those of the default response.
realm defaults to "restricted area" if not given.

Note: this function not aware of what kind of request it is building
a response for and thus can not avoid sending no body on a HEAD
request.  The wrap-basic-authentication middleware will provide a
customized denied-response but if used outside that wrapper consider
setting :body to nil for HEAD requests.

Authenticates the given request against using auth-fn. The value
returned by auth-fn is assoc'd onto the request as
:basic-authentication.  Thus, a truthy value of
:basic-authentication on the returned request indicates successful
authentication, and a false or nil value indicates authentication
failure.

Wrap response with a basic authentication challenge as described in
RFC2617 section 2.

The authenticate function is called with two parameters, the userid
and password, and should return a value when the login is valid.  This
value is added to the request structure with the :basic-authentication
key.

The realm is a descriptive string visible to the visitor.  It,
together with the canonical root URL, defines the protected resource
on the server.

The denied-response is a ring response structure which will be
returned when authorization fails.  The appropriate status and
authentication headers will be merged into it.  It defaults to plain
text 'access denied' response.