ntlmServlet.init(servletConfig);
        when(request.getHeader("Authorization")).thenReturn(null);
        when(request.getSession(false)).thenReturn(null);
        lenient().when(request.isSecure()).thenReturn(true);

        ntlmServlet.service(request, response);

        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response).addHeader("WWW-Authenticate", "Basic realm=\"TestRealm\"");

        UniAddress dc;
        String msg;
        NtlmPasswordAuthentication ntlm = null;
        msg = req.getHeader("Authorization");
        final boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {
            if (msg.startsWith("NTLM ")) {
                final HttpSession ssn = req.getSession();

    }

    /**
     * Determines whether the user identification cookie should be marked as secure.
     * Checks the configured secure setting or examines request headers to detect HTTPS.
     *
     * @return true if the cookie should be secure, false otherwise
     */
    protected boolean isSecureCookie() {
        if (cookieSecure != null) {
            return cookieSecure;

        filter.init(filterConfig);

        // Test request over insecure connection
        when(request.getHeader("Authorization")).thenReturn(null);
        when(request.isSecure()).thenReturn(false);
        when(httpSession.getAttribute("NtlmHttpAuth")).thenReturn(null);

        filter.doFilter(request, response, filterChain);

        Address dc;
        String msg;
        NtlmPasswordAuthentication ntlm = null;
        msg = req.getHeader("Authorization");
        final boolean offerBasic = this.enableBasic && (this.insecureBasic || req.isSecure());

        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {
            if (msg.startsWith("NTLM ")) {
                final HttpSession ssn = req.getSession();

                possibleWorkgroup = false;
            }
        }

        msg = req.getHeader("Authorization");
        offerBasic = this.enableBasic && (this.insecureBasic || req.isSecure());

        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {

            if (msg.startsWith("NTLM ")) {
                byte[] challenge;

            final String forwardedProto = request.getHeader("X-Forwarded-Proto");
            if ("https".equalsIgnoreCase(forwardedProto)) {
                return true;
            }
            return request.isSecure();
        }
        return Constants.TRUE.equalsIgnoreCase(secure);
    }

    /**
     * Interface for rewriting search request parameters.
     *

                possibleWorkgroup = false;
            }
        }

        msg = req.getHeader("Authorization");
        offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {

            if (msg.startsWith("NTLM ")) {
                byte[] challenge;

        case 1:
            // NTLMv1 - deprecated and insecure
            log.warn("NTLMv1 LM response is deprecated and insecure. Consider using NTLMv2.");
            return NtlmUtil.getPreNTLMResponse(tc, getPasswordAsCharArray(), chlng);
        case 2:
            // NTLMv1 with NTLM response - still insecure
            log.warn("NTLMv1 NTLM response is deprecated and insecure. Consider using NTLMv2.");

        // Then
        assertNotNull(nonce1, "First secure nonce should not be null");
        assertNotNull(nonce2, "Second secure nonce should not be null");
        assertFalse(Arrays.equals(nonce1, nonce2), "Secure nonces should be different");
        assertTrue(nonce1.length > 0, "Secure nonce should have proper length");
    }

    @Test
    @DisplayName("Should handle concurrent secure nonce generation safely")