}

    }

    /**
     * Resolves the SPNEGO credential to a user entity.
     *
     * This method handles the resolution of SPNEGO credentials by checking
     * if the user is an admin user or needs to be authenticated through LDAP.
     *
     * @param resolver The credential resolver to use for user lookup
     */
    @Override

    public void test_getLoginCredential_withRequest() {
        // With a request context, should return ActionResponseCredential for OAuth redirect
        final var credential = authenticator.getLoginCredential();
        assertNotNull(credential);
        assertTrue(credential instanceof ActionResponseCredential);
    }

    @Test
    public void test_parseJwtClaim_nestedArray() throws IOException {

    }

    /**
     * Log the login failure activity.
     * @param credential The credential.
     */
    public void loginFailure(final OptionalThing<LoginCredential> credential) {
        final Map<String, String> valueMap = new LinkedHashMap<>();
        valueMap.put("action", Action.LOGIN_FAILURE.name());
        credential.ifPresent(c -> {
            valueMap.put("class", c.getClass().getSimpleName());

            }

        }).orElse(null);
    }

    /**
     * Creates a login credential.
     * @param request The HTTP request.
     * @param response The HTTP response.
     * @param auth The SAML authentication.
     * @return The login credential.
     */

 * methods specific to the Fess application.
 */
public class SystemUtil extends org.codelibs.core.lang.SystemUtil {

    private static final String DEFAULT_SENSITIVE_PATTERN = ".*password.*|.*secret.*|.*key.*|.*token.*|.*credential.*|.*auth.*|.*private.*";

    private static volatile Pattern sensitivePattern;

    /**
     * Private constructor to prevent instantiation.
     */
    private SystemUtil() {
    }

    /**

    }

    @Test
    public void test_loginFailure_withCredential() {
        activityHelper.useEcsFormat = false;
        LoginCredential credential = new TestLoginCredential();
        activityHelper.loginFailure(OptionalThing.of(credential));
        String result = localLogMsg.get();
        assertTrue(result.contains("action:LOGIN_FAILURE"));
        assertTrue(result.contains("class:TestLoginCredential"));

    public String spnegoPromptNtlm;

    /** Enable or disable SPNEGO localhost authentication. */
    @Size(max = 10)
    public String spnegoAllowLocalhost;

    /** Enable or disable SPNEGO credential delegation. */
    @Size(max = 10)
    public String spnegoAllowDelegation;

    /** SPNEGO directories to exclude from authentication. */
    @Size(max = 1000)
    public String spnegoExcludeDirs;

    @Test
    public void test_maskSensitiveValue_withCredential() {
        assertEquals("********", SystemUtil.maskSensitiveValue("GOOGLE_CREDENTIALS", "{}"));
        assertEquals("********", SystemUtil.maskSensitiveValue("credential", "user:pass"));
    }

    @Test
    public void test_maskSensitiveValue_withAuth() {
        assertEquals("********", SystemUtil.maskSensitiveValue("BASIC_AUTH", "dXNlcjpwYXNz"));

        return request.getRequestURL().toString();
    }

    @Override
    public void resolveCredential(final LoginCredentialResolver resolver) {
        resolver.resolve(EntraIdCredential.class, credential -> OptionalEntity.of(credential.getUser()));
    }

    /**
     * Sets the token acquisition timeout.
     * @param acquisitionTimeout The timeout in milliseconds.
     */

# Regex pattern for sensitive values to mask in debug logs (case-insensitive match against property/env keys).
app.log.sensitive.property.pattern=.*password.*|.*secret.*|.*key.*|.*token.*|.*credential.*|.*auth.*|.*private.*

# Extension names for application customization.
app.extension.names=

# Audit log format.
app.audit.log.format=

# Script audit log settings.
script.audit.log.enabled=true