}

    /**
     * Gets the compiled pattern for matching sensitive property/environment variable keys.
     * The pattern is read from the system property 'app.log.sensitive.property.pattern'.
     * If not set, a default pattern matching common sensitive key names is used.
     *
     * @return The compiled Pattern for sensitive key matching
     */
    private static Pattern getSensitivePattern() {

    /**
     * Enable or disable sensitive data masking
     *
     * @param enable true to enable masking
     */
    public void setSensitiveDataMaskingEnabled(boolean enable) {
        this.maskSensitiveData = enable;
        log.info("Sensitive data masking {}", enable ? "enabled" : "disabled");
    }

    /**
     * Enable or disable high performance mode for sensitive data masking
     *

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java
logging.redactHeader("Authorization");

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

 *
 * <p><b>Security Note:</b> This class stores credentials in memory. For security best practices:
 * <ul>
 *   <li>Call {@link #clearCredentials()} after authentication is complete to clear sensitive data from memory</li>
 *   <li>Avoid logging instances of this class as it may expose credentials</li>
 *   <li>Consider using external secret management systems for credential storage in production</li>
 * </ul>
 *

	// as an audience value. It MAY also contain identifiers for
	// other audiences. In the general case, the aud value is an
	// array of case sensitive strings. In the common special case
	// when there is one audience, the aud value MAY be a single
	// case sensitive
	audValues, ok := policy.GetValuesFromClaims(mclaims, audClaim)
	if !ok {

    }

    @Test
    public void test_maskSensitiveValue_withPrivate() {
        assertEquals("********", SystemUtil.maskSensitiveValue("PRIVATE_DATA", "sensitive"));
        assertEquals("********", SystemUtil.maskSensitiveValue("private_config", "internal"));
    }

    @Test
    public void test_maskSensitiveValue_safeValues() {
        // These should NOT be masked

        setupVirtualHostHelper("/Site1", "/SITE2");

        // The current implementation is case-sensitive
        Boolean result = invokeIsValidVirtualHostPath("/site1");
        assertFalse("Case mismatch should be blocked (implementation is case-sensitive)", result);
    }

    // ===================================================================================

     * Used for compilation, execution and Javadoc among others.
     * The Java tools location is {@link StandardLocation#CLASS_PATH}.
     *
     * <h4>Context-sensitive interpretation</h4>
     * A dependency with this path type will not necessarily be placed on the class path.
     * There are two circumstances where the dependency may nevertheless be placed somewhere else:
     *
     * <ul>

    // ===================================================================================
    //

    // GET /api/admin/general
    /**
     * Returns the current general system settings.
     * Excludes sensitive information like LDAP security credentials from the response.
     *
     * @return JSON response containing the general settings configuration
     */
    @Execute
    public JsonResponse<ApiResult> get$index() {