ssn.setAttribute("NtlmHttpAuth", ntlm);
            ssn.setAttribute("ntlmdomain", ntlm.getDomain());
            ssn.setAttribute("ntlmuser", ntlm.getUsername());
        } else {
            final HttpSession ssn = request.getSession(false);
            if (ssn == null || ssn.getAttribute("NtlmHttpAuth") == null) {
                response.setHeader("WWW-Authenticate", "NTLM");
                if (offerBasic) {

    /**
     * Gets the NTLM-specific parameters.
     * Used when authSchemeType is NTLM.
     *
     * @return the NTLM parameters
     */
    public Map<String, String> getNtlmParameters() {
        return ntlmParameters;
    }

    /**
     * Sets the NTLM-specific parameters.
     *
     * @param ntlmParameters the NTLM parameters
     */

    }

    @Test
    @DisplayName("auth type is always NTLM")
    void testAuthTypeConstant(@Mock HttpServletRequest mockRequest, @Mock Principal mockPrincipal) {
        // No need to stub getName() since we're not calling getRemoteUser()
        NtlmHttpServletRequest request = new NtlmHttpServletRequest(mockRequest, mockPrincipal);
        assertEquals("NTLM", request.getAuthType());

 * {@code NtlmServlet}, and {@code NetworkExplorer} to negotiate password
 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.
 * <p>
 * Also, read <a

     * Verifies that the method always returns "NTLM".
     */
    @Test
    void testGetAuthType() {
        // Arrange: Define the expected authentication type
        String expectedAuthType = "NTLM";

        // Act: Call the method under test
        String actualAuthType = ntlmRequest.getAuthType();

        // Assert: Verify that the returned authentication type is "NTLM"

            }
            NtlmPasswordAuthentication ntlm;
            if (msg.startsWith("NTLM ")) {
                final byte[] challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), dc);
                ntlm = NtlmSsp.authenticate(getTransportContext(), request, response, challenge);
                if (ntlm == null) {
                    return;
                }

        // This test is simplified to verify basic handshake behavior
        // Full NTLM handshake testing would require more complex mocking

        // Arrange - Mock a server that supports NTLM
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized", Collections.singletonMap("WWW-Authenticate", Collections.singletonList("NTLM")),
                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake

        NtlmPasswordAuthentication ntlm = negotiate(req, resp, false);

        if (ntlm == null) {
            return;
        }

        chain.doFilter(new NtlmHttpServletRequest(req, ntlm), response);
    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     * @param req The servlet request
     * @param resp The servlet response

        // Should only offer NTLM, not Basic auth
        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response, never()).addHeader(eq("WWW-Authenticate"), eq("Basic realm=\"TestRealm\""));
    }

    @Test
    void testDoFilter_ntlmType1Message() throws Exception {
        // Test NTLM Type 1 message handling

    void createContext_forceFallback_triggersNtlmAndFailsOnNonNtlmToken() throws CIFSException {
        when(tc.getConfig()).thenReturn(config);
        when(config.isAllowNTLMFallback()).thenReturn(true);
        when(config.isUseRawNTLM()).thenReturn(false);

        // Enable NTLM fallback by providing NTLM creds in constructor