* Java 5 annotation for describing service layer security attributes.
 *
 * <p>
 * The <code>Secured</code> annotation is used to define a list of security configuration
 * attributes for business methods.
 * <p>
 * For example:
 *
 * <pre>
 * &#064;Secured({ &quot;ROLE_USER&quot; })
 * public void create(Contact contact);
 *
 * &#064;Secured({ &quot;ROLE_USER&quot;, &quot;ROLE_ADMIN&quot; })
 * public void update(Contact contact);
 *

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.admin.failureurl;

import org.codelibs.fess.Constants;
import org.codelibs.fess.annotation.Secured;
import org.codelibs.fess.app.pager.FailureUrlPager;
import org.codelibs.fess.app.service.FailureUrlService;
import org.codelibs.fess.app.web.CrudMode;
import org.codelibs.fess.app.web.base.FessAdminAction;

     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse index() {
        return asIndexHtml();
    }

    /**
     * Downloads a log file by its encoded ID.
     *
     * @param id the Base64 encoded filename of the log file to download
     * @return ActionResponse containing the log file stream
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })

```

## Architecture Patterns

### Action (Controller)
- Hierarchy: `TypicalAction` → `FessBaseAction` → `FessAdminAction`/`FessSearchAction`
- `@Execute` marks web endpoints
- `@Resource` for DI
- `@Secured({ "role", "role-view" })` for authorization
- Return `HtmlResponse` for JSP, `JsonResponse` for APIs

### Service
- Inject behaviors (Bhv) for data access
- Use `OptionalEntity<T>` for nullable returns

 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.admin.dict;

import org.codelibs.fess.annotation.Secured;
import org.codelibs.fess.app.web.base.FessAdminAction;
import org.codelibs.fess.dict.DictionaryFile;
import org.codelibs.fess.dict.DictionaryItem;
import org.codelibs.fess.dict.DictionaryManager;

        DuplicateHost host2 = new DuplicateHost();
        host2.setRegularName("secure.example.com");
        host2.setDuplicateHostName("www.example.com");
        helper.duplicateHostList.add(host2);

        String url = "http://example.com/test";
        String result = helper.convert(url);

        assertEquals("http://secure.example.com/test", result);
    }

#                                                     Tomcat
#                                                     ------
tomcat.URIEncoding = UTF-8
tomcat.useBodyEncodingForURI = true
#tomcat.secure=false
#tomcat.scheme=http
#tomcat.bindAddress=127.0.0.1
#tomcat.proxyPort=

    @Test
    public void test_isFileSystemPath_https_protocol_not_file_system() {
        assertFalse(goAction.isFileSystemPath("https://example.com/path/file.txt"));
        assertFalse(goAction.isFileSystemPath("https://secure.example.com/file.txt"));
    }

    @Test
    public void test_isFileSystemPath_other_protocols_not_file_system() {
        assertFalse(goAction.isFileSystemPath("mailto:******@****.***"));

     * This method searches for 'fess_ds++.xml' configuration files within JAR files
     * in the data store plugin directory and extracts component class names.
     *
     * <p>The method uses secure XML parsing features to prevent XXE attacks and
     * other XML-based vulnerabilities. Component class names are extracted from
     * the 'class' attribute of 'component' elements in the XML files.</p>
     *