* governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.base.login;

import org.lastaflute.web.login.credential.LoginCredential;

/**
 * SPNEGO authentication credential implementation.
 *
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the

import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;

import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;

/**
 * Microsoft Entra ID credential implementation for Fess authentication.
 * Provides login credential functionality using Entra ID authentication results.
 */

 */
package org.codelibs.fess.app.web.base.login;

/**
 * Interface for Fess credential management.
 * Provides access to user identification information.
 */
public interface FessCredential {

    /**
     * Gets the user ID for this credential.
     * @return The user ID.
     */
    String getUserId();

import org.codelibs.fess.helper.SystemHelper;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.saml2.Auth;
import org.lastaflute.web.login.credential.LoginCredential;

/**
 * Credential for SAML authentication.
 */
public class SamlCredential implements LoginCredential, FessCredential {

    private final Map<String, List<String>> attributes;

    private final String nameId;

import org.codelibs.fess.util.DocumentUtil;
import org.lastaflute.web.login.credential.LoginCredential;

/**
 * OpenID Connect credential implementation.
 */
public class OpenIdConnectCredential implements LoginCredential, FessCredential {

    private final Map<String, Object> attributes;

    /**
     * Creates a new OpenID Connect credential.
     *
     * @param attributes the attributes from OpenID Connect provider

 */
public interface SsoAuthenticator {

    /**
     * Gets the login credential for SSO authentication.
     * @return The login credential.
     */
    LoginCredential getLoginCredential();

    /**
     * Resolves credential using the provided resolver.
     * @param resolver The login credential resolver.
     */
    void resolveCredential(LoginCredentialResolver resolver);

    /**

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.base.login;

import org.lastaflute.web.login.credential.UserPasswordCredential;

/**
 * The credential for a local user.
 */
public class LocalUserCredential extends UserPasswordCredential implements FessCredential {
    /**

 */
package org.codelibs.fess.app.web.base.login;

import java.util.function.Supplier;

import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.response.ActionResponse;

/**
 * The credential for action response.
 */
public class ActionResponseCredential implements LoginCredential {

    private final Supplier<ActionResponse> action;

    /**

    }

    /**
     * Attempts to obtain login credentials using the configured SSO authenticator.
     *
     * @return The login credential from SSO authentication, or null if SSO is not available
     *         or no credential could be obtained
     */
    public LoginCredential getLoginCredential() {
        if (available()) {
            final SsoAuthenticator authenticator = getAuthenticator();

 * methods specific to the Fess application.
 */
public class SystemUtil extends org.codelibs.core.lang.SystemUtil {

    private static final String DEFAULT_SENSITIVE_PATTERN = ".*password.*|.*secret.*|.*key.*|.*token.*|.*credential.*|.*auth.*|.*private.*";

    private static volatile Pattern sensitivePattern;

    /**
     * Private constructor to prevent instantiation.
     */
    private SystemUtil() {
    }

    /**