* This class extends FessApiAction to provide admin-specific functionality
 * including enhanced access control for administrative operations.
 *
 * <p>Admin API actions require special permissions and access tokens
 * that are validated against the admin role configuration.</p>
 */
public abstract class FessApiAdminAction extends FessApiAction {

    /** Logger instance for this class. */

     * Reloads the document index by closing and reopening it.
     *
     * @param form the action form (validated but not used for configuration)
     * @return HTML response redirecting to the maintenance page
     */
    @Execute
    @Secured({ ROLE })
    public HtmlResponse reloadDocIndex(final ActionForm form) {
        validate(form, messages -> {}, this::asIndexHtml);
        verifyToken(this::asIndexHtml);

        bean.setSpecialCron("invalid");

        // Validate default group
        Set<ConstraintViolation<GroupTestBean>> violations = validator.validate(bean, Default.class);
        assertEquals(1, violations.size());
        assertTrue(violations.iterator().next().getPropertyPath().toString().contains("defaultCron"));

        // Validate special group
        violations = validator.validate(bean, SpecialGroup.class);

    }

    /**
     * Creates an encrypted user code from a user ID.
     * The user ID is encrypted using the primary cipher and validated against the configuration.
     *
     * @param userCode the raw user ID to encrypt
     * @return the encrypted and validated user code, or null if invalid
     */
    protected String createUserCodeFromUserId(String userCode) {

      DIGIT_MATCHER.or(LETTER_MATCHER).or(DASH_MATCHER);

  /**
   * Helper method for {@link #validateSyntax(List)}. Validates that one part of a domain name is
   * valid.
   *
   * @param part The domain name part to be validated
   * @param isFinalPart Is this the final (rightmost) domain part?
   * @return Whether the part is valid
   */

- kube-apiserver `--admission-control-config-file` files are now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. ([#128013](https://github.com/kubernetes/kubernetes/pull/128013), [@seans3](https://github.com/seans3))

            throw new SsoLoginException("unexpected set of artifacts received");
        }
    }

    /**
     * Validates the OAuth2 state parameter.
     * @param session The HTTP session containing stored state data.
     * @param state The state parameter to validate.
     * @return The validated state data.
     */
    protected StateData validateState(final HttpSession session, final String state) {

 *     .cacheControl(new CacheControl.Builder().noCache().build())
 *     .url("http://publicobject.com/helloworld.txt")
 *     .build();
 * ```
 *
 * If it is only necessary to force a cached response to be validated by the server, use the more
 * efficient `max-age=0` directive instead:
 *
 * ```java
 * Request request = new Request.Builder()
 *     .cacheControl(new CacheControl.Builder()
 *         .maxAge(0, TimeUnit.SECONDS)

=== ":material-language-kotlin: Kotlin"
    ```kotlin
      private val client: OkHttpClient = OkHttpClient.Builder()
          .cache(Cache(
              directory = cacheDirectory,

- github.com/envoyproxy/go-control-plane: [v0.12.0 → v0.13.0](https://github.com/envoyproxy/go-control-plane/compare/v0.12.0...v0.13.0)
- github.com/envoyproxy/protoc-gen-validate: [v1.0.4 → v1.1.0](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.4...v1.1.0)
- github.com/go-logfmt/logfmt: [v0.5.1 → v0.4.0](https://github.com/go-logfmt/logfmt/compare/v0.5.1...v0.4.0)