return globalAuthZPlugin
}

func setGlobalAuthNPlugin(authn *idplugin.AuthNPlugin) {
	globalAuthPluginMutex.Lock()
	globalAuthNPlugin = authn
	globalAuthPluginMutex.Unlock()
}

func setGlobalAuthZPlugin(authz *polplugin.AuthZPlugin) {
	globalAuthPluginMutex.Lock()
	globalAuthZPlugin = authz
	globalAuthPluginMutex.Unlock()
}

		Prefix: r.Form.Get("pattern"),
	})
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	// Get the cred and owner for checking authz below.
	cred, owner, s3Err := validateAdminSignature(ctx, r, "")
	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

		return ErrSTSAccessDenied
	}
}

func checkAssumeRoleAuth(ctx context.Context, r *http.Request) (auth.Credentials, APIErrorCode) {
	if !isRequestSignatureV4(r) {
		return auth.Credentials{}, ErrAccessDenied
	}

	s3Err := isReqAuthenticated(ctx, r, globalSite.Region(), serviceSTS)
	if s3Err != ErrNone {
		return auth.Credentials{}, s3Err
	}

	user, _, s3Err := getReqAccessKeyV4(r, globalSite.Region(), serviceSTS)

	logger.LogIf(ctx, "admin", err, errKind...)
}

func authNLogIf(ctx context.Context, err error, errKind ...any) {
	logger.LogIf(ctx, "authN", err, errKind...)
}

func authZLogIf(ctx context.Context, err error, errKind ...any) {
	logger.LogIf(ctx, "authZ", err, errKind...)
}

func peersLogIf(ctx context.Context, err error, errKind ...any) {
	if !errors.Is(err, grid.ErrDisconnected) {

		return updatedAt, errServerNotInitialized
	}

	if !auth.IsAccessKeyValid(accessKey) {
		return updatedAt, auth.ErrInvalidAccessKeyLength
	}

	if auth.ContainsReservedChars(accessKey) {
		return updatedAt, auth.ErrContainsReservedChars
	}

	if !auth.IsSecretKeyValid(ureq.SecretKey) {
		return updatedAt, auth.ErrInvalidSecretKeyLength
	}

	case accountName == globalActiveCred.AccessKey || newGlobalAuthZPluginFn() != nil:
		// For owner account and when plugin authZ is configured always set
		// effective policy as `consoleAdmin`.
		//
		// In the latter case, we let the UI render everything, but individual
		// actions would fail if not permitted by the external authZ service.
		for _, policy := range policy.DefaultPolicies {
			if policy.Name == "consoleAdmin" {

        NtlmPasswordAuthenticator auth1 =
                new NtlmPasswordAuthenticator("DOMAIN", "user", password1, NtlmPasswordAuthenticator.AuthenticationType.USER);

        assertEquals("DOMAIN", auth1.getUserDomain());
        assertEquals("user", auth1.getUsername());
        assertEquals("TypedPass123!", auth1.getPassword());
        assertFalse(auth1.isGuest());
        assertFalse(auth1.isAnonymous());

        assertNotEquals(auth1, auth4);
        assertNotEquals(auth1, new Object());
    }

    // Test hashCode method
    @Test
    void testHashCode() {
        NtlmPasswordAuthentication auth1 = new NtlmPasswordAuthentication("DOMAIN", "user", "password");
        NtlmPasswordAuthentication auth2 = new NtlmPasswordAuthentication("DOMAIN", "user", "password");
        assertEquals(auth1.hashCode(), auth2.hashCode());

                auth1.equals(auth3);
                auth2.equals(auth3);
            }
            long totalTime = System.nanoTime() - startTime;

            // Should complete in reasonable time (< 10ms for 3000 operations)
            assertTrue(totalTime < 10_000_000L, "Null/empty password comparisons taking too long: " + totalTime + " ns");
        } finally {
            auth1.close();

### API Change