assertEquals("EXAMPLE.COM", auth.getUserDomain());
        }

        @Test
        @DisplayName("getUserDomain: explicit realm overrides")
        void getUserDomain_fromExplicitRealm() {
            Kerb5Authenticator auth = new Kerb5Authenticator(new Subject());
            auth.setRealm("REALM.TEST");
            assertEquals("REALM.TEST", auth.getUserDomain());
        }

        @Test

        // Act
        TestCredentials copy = creds.clone();

        // Assert
        assertNotSame(creds, copy, "clone must return a new instance");
        assertEquals(creds.getUserDomain(), copy.getUserDomain());
        assertEquals(creds.isAnonymous(), copy.isAnonymous());
        assertEquals(creds.isGuest(), copy.isGuest());
        assertSame(subject, copy.getSubject(), "subject is the same reference in clone");

     */
    @Override
    public boolean equals(Object obj) {
        if (obj instanceof NtlmPasswordAuthenticator ntlm) {
            String domA = ntlm.getUserDomain() != null ? ntlm.getUserDomain().toUpperCase() : null;
            String domB = this.getUserDomain() != null ? this.getUserDomain().toUpperCase() : null;
            return ntlm.type == this.type && Objects.equals(domA, domB) && ntlm.getUsername().equalsIgnoreCase(this.getUsername())

        NtlmPasswordAuthenticator cloned = original.clone();

        // Verify cloned values
        assertEquals(original.getUserDomain(), cloned.getUserDomain());
        assertEquals(original.getUsername(), cloned.getUsername());
        assertEquals(original.getPassword(), cloned.getPassword());

        // Verify password arrays are independent

        if (this.auth instanceof NtlmNtHashAuthenticator) {
            return new Type3Message(this.transportContext, msg2, this.targetName, this.auth.getNTHash(), this.auth.getUserDomain(),
                    this.auth.getUsername(), this.workstation, this.ntlmsspFlags);
        }

        // Use secure password handling
        String passwordString = null;
        if (this.auth.isGuest()) {

        // Clone and verify basic fields copied
        JAASAuthenticator copy = (JAASAuthenticator) orig.clone();
        assertEquals(orig.getUsername(), copy.getUsername());
        assertEquals(orig.getUserDomain(), copy.getUserDomain());
        assertEquals(orig.getPassword(), copy.getPassword());

        // Test the cloning behavior with both null and non-null cached subjects
        if (first != null) {

     * {@inheritDoc}
     *
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode() {
        return super.hashCode();
    }

    @Override
    public String getUserDomain() {
        if (this.realm == null && this.getSubject() != null) {
            Set<Principal> pr = this.getSubject().getPrincipals();
            for (Iterator<Principal> ite = pr.iterator(); ite.hasNext();) {

    private Map<String, Map<String, CacheEntry<DfsReferralDataInternal>>> getTrustedDomains(final CIFSContext tf) throws SmbAuthException {
        if (tf.getConfig().isDfsDisabled() || tf.getCredentials().getUserDomain() == null
                || tf.getCredentials().getUserDomain().isEmpty()) {
            return null;
        }

        if (this._domains != null && System.currentTimeMillis() > this._domains.expiration) {
            this._domains = null;

        NtlmPasswordAuthentication capturedAuth = authCaptor.getValue();
        assertEquals("user", capturedAuth.getUsername());
        assertEquals("TEST_DOMAIN", capturedAuth.getUserDomain());

        verify(response, never()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Test the service method with an existing valid session.

        when(mockConfig.getPid()).thenReturn(1234);
        when(mockCifsContext.getConfig()).thenReturn(mockConfig);

        // Mock credentials to prevent NPE
        when(mockCredentials.getUserDomain()).thenReturn("DOMAIN");
        when(mockCifsContext.getCredentials()).thenReturn(mockCredentials);

        // Create URL handler
        Handler urlHandler = new jcifs.smb.Handler(mockCifsContext);