}
  }

  /** Runs a runnable without any permissions. */
  public void runWithoutPermissions(Runnable r) {
    runWithPermissions(r);
  }

  /** A security policy where new permissions can be dynamically added or all cleared. */
  public static class AdjustablePolicy extends Policy {
    Permissions perms = new Permissions();

    AdjustablePolicy(Permission... permissions) {

    }

    /**
     * Checks if a permission string is a user permission.
     *
     * @param permission The permission string.
     * @return true if it is a user permission, false otherwise.
     */
    public boolean isUserPermission(final String permission) {
        if (StringUtil.isNotBlank(permission)) {
            return permission.startsWith(ComponentUtil.getFessConfig().getRoleSearchUserPrefix());

     *
     * @param searchRequestParams The search request parameters
     * @param data The search render data to populate with results
     * @param userBean Optional user information for permission checking
     */
    public void search(final SearchRequestParams searchRequestParams, final SearchRenderData data,
            final OptionalThing<FessUserBean> userBean) {

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

    }

    /**
     * Gets the permission fields for Entra ID authentication.
     * Uses new entraid.permission.fields key with fallback to legacy aad.permission.fields.
     * @return Array of permission field names.
     */
    default String[] getEntraIdPermissionFields() {
        String value = getSystemProperty("entraid.permission.fields", null);
        if (StringUtil.isBlank(value)) {

        fileProtocols[fileProtocols.length - 1] = prefix;
    }

    /**
     * Checks if the given URL is a file path protocol that requires directory and permission handling.
     * Used for incremental crawling directory detection and file permission processing.
     *
     * @param url the URL to check
     * @return true if the URL uses a file path protocol (smb, smb1, file, ftp, s3, gcs)
     */

commit.

Contributor License Agreement
-----------------------------

Contributions to any Google project must be accompanied by a Contributor
License Agreement. This is not a copyright _assignment_; it simply gives
Google permission to use and redistribute your contributions as part of the
project.

  - If you are an individual writing original source code and you're sure you
    own the intellectual property, then you'll need to sign an [individual

                sb.append(curChar);
            }
        }
        return sb.toString();
    }

    /**
     * Normalizes a permission name based on configuration settings.
     *
     * @param name the permission name to normalize
     * @return the normalized permission name
     */
    public String normalizePermissionName(final String name) {
        if (fessConfig.isLdapLowercasePermissionName()) {

 * <ul>
 * <li>Incremental crawling support with last-modified timestamp checking</li>
 * <li>Document expiration handling</li>
 * <li>Child URL extraction and queueing</li>
 * <li>Integration with Fess configuration and permission systems</li>
 * <li>Client selection based on URL patterns</li>
 * </ul>
 *
 * @see CrawlerThread
 * @see org.codelibs.fess.crawler.client.CrawlerClient
 */
public class FessCrawlerThread extends CrawlerThread {

						<data>
							<type>file</type>
							<src>${project.build.directory}/generated-packaging/deb/copyright</src>
							<dst>/usr/share/doc/fess/copyright</dst>
						</data>
						<!-- Adds and sets permission on default directories -->
						<data>
							<type>template</type>
							<paths>
								<path>${packaging.fess.pid.dir}</path>
							</paths>
							<mapper>
								<type>perm</type>