// When
            ACE[] security1 = mockResource.getSecurity();
            ACE[] security2 = mockResource.getSecurity(true);
            ACE[] shareSecurity = mockResource.getShareSecurity(false);

            // Then
            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");

 * saml.default.groups=user
 * saml.default.roles=user
 * </pre>
 *
 * <h2>Security Settings (Production)</h2>
 * <p>For production environments, consider enabling these security features:</p>
 * <pre>
 * saml.security.authnrequest_signed=true
 * saml.security.want_messages_signed=true
 * saml.security.want_assertions_signed=true
 * </pre>
 *

        byte[] buffer = createBasicNegotiateResponseBuffer();

        // Add a small security buffer at a safe offset (after the fixed structure)
        SMBUtil.writeInt2(64, buffer, 56); // Security buffer offset (relative to header start)
        SMBUtil.writeInt2(8, buffer, 58); // Security buffer length

        // Add some dummy security data at offset 64 from start
        buffer[64] = (byte) 0x4E; // NTLMSSP signature start

        return Stream.of(Arguments.of(OWNER_SECURITY_INFORMATION, "Owner security information only"),
                Arguments.of(GROUP_SECURITY_INFORMATION, "Group security information only"),
                Arguments.of(DACL_SECURITY_INFORMATION, "DACL security information only"),
                Arguments.of(SACL_SECURITY_INFORMATION, "SACL security information only"),

        byte[] testGuid = new byte[16];
        for (int i = 0; i < 16; i++) {
            testGuid[i] = (byte) (i + 1);
        }
        System.arraycopy(testGuid, 0, buffer, bufferIndex + 4, 16);

        // Set security mode (2 bytes)
        int testSecurityMode = 0x0003;
        SMBUtil.writeInt2(testSecurityMode, buffer, bufferIndex + 20);

        // Set dialect (2 bytes)
        int testDialect = 0x0311;

    }

    @Test
    void testGetSecurityWithValidSecurityDescriptor() throws Exception {
        // Setup mock ShareInfo502 with a minimal valid security descriptor
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();
        // Create a minimal valid security descriptor binary
        // Format: revision(1) + sbz1(1) + control(2) + ownerOffset(4) + groupOffset(4) + saclOffset(4) + daclOffset(4) = 20 bytes minimum

        assertNull(response.getSecurityDescriptor());
    }

    @Test
    @DisplayName("Test readDataWireFormat with valid security descriptor")
    void testReadDataWireFormatWithValidSecurityDescriptor() throws Exception {
        // Create a minimal valid security descriptor buffer
        byte[] buffer = createValidSecurityDescriptorBuffer();

        // Set error code to 0
        setErrorCode(response, 0);

        final int negotiateContextOffset = SMBUtil.readInt4(buffer, bufferIndex);
        bufferIndex += 4;

        // Validate security buffer parameters
        if (securityBufferLength < 0 || securityBufferLength > 65536) { // 64KB max for security buffer
            throw new SMBProtocolDecodingException("Invalid security buffer length: " + securityBufferLength + " (must be 0-65536)");
        }
        if (securityBufferOffset < 0) {

    int FLAGS2_LONG_FILENAMES = 0x0001;
    /** Extended attributes supported flag */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /** Security signatures supported flag */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /** Extended security negotiation flag */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;
    /** Resolve paths in DFS flag */
    int FLAGS2_RESOLVE_PATHS_IN_DFS = 0x1000;

     */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /**
     * Security signatures are supported flag.
     */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /**
     * Security signatures are required flag.
     */
    int FLAGS2_SECURITY_REQUIRE_SIGNATURES = 0x0010;
    /**
     * Extended security negotiation is supported flag.
     */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;