public TestLoginCredentialResolver() {
            super(null); // Pass null since we're mocking
        }

        @Override
        public <CREDENTIAL extends LoginCredential> void resolve(final Class<CREDENTIAL> credentialType,
                final Function<CREDENTIAL, OptionalEntity<FessUser>> oneArgLambda) {
            this.resolveCalled = true;
            this.lastCredentialType = credentialType;

        };

        // Verify SSO is available
        assertTrue(ssoManager.available());

        // Verify login credential retrieval
        LoginCredential credential = ssoManager.getLoginCredential();
        assertNotNull(credential);
        assertEquals("samluser", ((TestLoginCredential) credential).username);

        // Verify response retrieval

        }

    }

    /**
     * Resolves the SPNEGO credential to a user entity.
     *
     * This method handles the resolution of SPNEGO credentials by checking
     * if the user is an admin user or needs to be authenticated through LDAP.
     *
     * @param resolver The credential resolver to use for user lookup
     */
    @Override

    public void test_getLoginCredential_withRequest() {
        // With a request context, should return ActionResponseCredential for OAuth redirect
        final var credential = authenticator.getLoginCredential();
        assertNotNull(credential);
        assertTrue(credential instanceof ActionResponseCredential);
    }

    @Test
    public void test_parseJwtClaim_nestedArray() throws IOException {

    }

    /**
     * Log the login failure activity.
     * @param credential The credential.
     */
    public void loginFailure(final OptionalThing<LoginCredential> credential) {
        final Map<String, String> valueMap = new LinkedHashMap<>();
        valueMap.put("action", Action.LOGIN_FAILURE.name());
        credential.ifPresent(c -> {
            valueMap.put("class", c.getClass().getSimpleName());

            }

        }).orElse(null);
    }

    /**
     * Creates a login credential.
     * @param request The HTTP request.
     * @param response The HTTP response.
     * @param auth The SAML authentication.
     * @return The login credential.
     */

 * methods specific to the Fess application.
 */
public class SystemUtil extends org.codelibs.core.lang.SystemUtil {

    private static final String DEFAULT_SENSITIVE_PATTERN = ".*password.*|.*secret.*|.*key.*|.*token.*|.*credential.*|.*auth.*|.*private.*";

    private static volatile Pattern sensitivePattern;

    /**
     * Private constructor to prevent instantiation.
     */
    private SystemUtil() {
    }

    /**

    }

    @Test
    public void test_loginFailure_withCredential() {
        activityHelper.useEcsFormat = false;
        LoginCredential credential = new TestLoginCredential();
        activityHelper.loginFailure(OptionalThing.of(credential));
        String result = localLogMsg.get();
        assertTrue(result.contains("action:LOGIN_FAILURE"));
        assertTrue(result.contains("class:TestLoginCredential"));

    public String spnegoPromptNtlm;

    /** Enable or disable SPNEGO localhost authentication. */
    @Size(max = 10)
    public String spnegoAllowLocalhost;

    /** Enable or disable SPNEGO credential delegation. */
    @Size(max = 10)
    public String spnegoAllowDelegation;

    /** SPNEGO directories to exclude from authentication. */
    @Size(max = 1000)
    public String spnegoExcludeDirs;

    @Test
    public void test_maskSensitiveValue_withCredential() {
        assertEquals("********", SystemUtil.maskSensitiveValue("GOOGLE_CREDENTIALS", "{}"));
        assertEquals("********", SystemUtil.maskSensitiveValue("credential", "user:pass"));
    }

    @Test
    public void test_maskSensitiveValue_withAuth() {
        assertEquals("********", SystemUtil.maskSensitiveValue("BASIC_AUTH", "dXNlcjpwYXNz"));