import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

        ntlmServlet.service(request, response);

        // Verify that no authentication challenge is sent
        verify(response, never()).setHeader(eq("WWW-Authenticate"), anyString());
        verify(response, never()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Helper method to set up common mocks required for authentication tests.
     * @throws CIFSException

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import java.io.IOException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like Passlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

        // Verify that the response is not modified for a successful authentication
        verify(mockResponse, never()).setHeader(anyString(), anyString());
        verify(mockResponse, never()).setStatus(any(int.class));
    }

    /**
     * Test case for the instance method doAuthentication.
     * It should just delegate to the static authenticate method.

            Thread.sleep(150);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }

        assertTrue(durableInfo.isExpired());

        // Test persistent handle (never expires)
        HandleInfo persistentInfo = new HandleInfo("/test/file2.txt", new HandleGuid(), testFileId, HandleType.PERSISTENT, 0, null);

        try {
            Thread.sleep(50);

    * An example is `404`, for a "Not Found" response.
    * For generic errors from the client, you can just use `400`.
* `500 - 599` are for server errors. You almost never use them directly. When something goes wrong at some part in your application code, or server, it will automatically return one of these status codes.

/// tip

                // already connecting
                this.thread.wait(timeout); /* wait for doConnect */
                st = this.state;
                switch (st) {
                case 1: /* doConnect never returned */
                    this.state = 6;
                    cleanupThread(timeout);
                    throw new ConnectionTimeoutException("Connection timeout");
                case 2:

	dynamicTimeoutLogSize              = 16
	maxDuration                        = math.MaxInt64
	maxDynamicTimeout                  = 24 * time.Hour // Never set timeout bigger than this.
)

// timeouts that are dynamically adapted based on actual usage results
type dynamicTimeout struct {
	timeout       int64
	minimum       int64
	entries       int64

Finally, the identity of our heroes is protected! 🥷

It also re-declares `id: int`. By doing this, we are making a **contract** with the API clients, so that they can always expect the `id` to be there and to be an `int` (it will never be `None`).

/// tip

Having the return model ensure that a value is always available and always `int` (not `None`) is very useful for the API clients, they can write much simpler code having this certainty.