content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Page not found
      content:
        application/json:
          schema:

        // Full NTLM handshake testing would require more complex mocking

        // Arrange - Mock a server that supports NTLM
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized", Collections.singletonMap("WWW-Authenticate", Collections.singletonList("NTLM")),
                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake

        assertDoesNotThrow(() -> ntlmServlet.init(servletConfig));
    }

    /**
     * Test the service method when no Authorization header is present and no session exists.
     * Expects a 401 Unauthorized response with NTLM and Basic authentication challenges.
     * @throws ServletException
     * @throws IOException
     */
    @Test
    void testService_NoAuthHeader_NoSession() throws ServletException, IOException {

  /**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *

        if (!requestManager.findUserBean(FessUserBean.class).map(user -> user.hasRoles(acceptedRoles)).orElse(Boolean.FALSE)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized access: " + request.getServletPath());
            return;
        }

        try {
            getSessionManager().getAttribute(Constants.SEARCH_ENGINE_API_ACCESS_TOKEN, String.class).ifPresent(token -> {

        /** Bad request status indicating client error. */
        BAD_REQUEST(1),
        /** System error status indicating server error. */
        SYSTEM_ERROR(2),
        /** Unauthorized status indicating authentication failure. */
        UNAUTHORIZED(3),
        /** General failure status. */
        FAILED(9);

        private final int id;

        Status(final int id) {
            this.id = id;
        }

errors.invalid_header_for_request_file=Invalid header line: {0}
errors.could_not_delete_logged_in_user=You cannot delete a user who is logged in.
errors.unauthorized_request=Unauthorized request.
errors.failed_to_print_thread_dump=Failed to print a thread dump.
errors.file_is_not_supported={0} is not supported.
errors.plugin_file_is_not_found={0} is not found.

errors.invalid_header_for_request_file=Invalid header line: {0}
errors.could_not_delete_logged_in_user=You cannot delete a user who is logged in.
errors.unauthorized_request=Unauthorized request.
errors.failed_to_print_thread_dump=Failed to print a thread dump.
errors.file_is_not_supported={0} is not supported.
errors.plugin_file_is_not_found={0} is not found.

        try {
            WebApiUtil.setError(200, "OK");
            WebApiUtil.setError(201, "Created");
            WebApiUtil.setError(400, "Bad Request");
            WebApiUtil.setError(401, "Unauthorized");
            WebApiUtil.setError(403, "Forbidden");
            WebApiUtil.setError(404, "Not Found");
            WebApiUtil.setError(500, "Internal Server Error");
            WebApiUtil.setError(502, "Bad Gateway");

            }
            if (status) {
                return new ActionResponseCredential(() -> {
                    throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized",
                            HttpServletResponse.SC_UNAUTHORIZED);
                });
            }

            // assert
            if (null == principal) {