In the new PortalAuthenticationFilter we use 2-phase authentication based on caught SecurityException. As long as Abdera doesn't propagate exceptions we can use AtomServlet only for unauthenticated or authenticated users, but not both at one time.
Please see attached Unable to embed resource: stacktrace.txt of type text/plain for quick orientation.
Abdera's AbstractProvider transforms all exceptions into response - http://grepcode.com/file/repo1.maven.org/maven2/org.apache.abdera/abdera-server/1.1.2/org/apache/abdera/protocol/server/impl/AbstractProvider.java?av=f#130
We need to fix it (for example provide own DefaultProvider) and override the AbstractProvider.process() method.