/**
     * Pre-processes API requests by checking access authorization before executing the action.
     * If access is not allowed, returns an unauthorized error response.
     *
     * @param runtime the action runtime context containing request information
     * @return ActionResponse with unauthorized error if access denied, otherwise delegates to parent
     */
    @Override
    public ActionResponse godHandPrologue(final ActionRuntime runtime) {

        ApiResult badRequestResult = new ApiResult.ApiResponse().status(Status.BAD_REQUEST).result();
        assertNotNull(badRequestResult);

        // Test UNAUTHORIZED status
        ApiResult unauthorizedResult = new ApiResult.ApiResponse().status(Status.UNAUTHORIZED).result();
        assertNotNull(unauthorizedResult);

        // Test FAILED status

    public ApiResponse handleApplicationException(final ApiFailureResource resource, final RuntimeException cause) {
        if (cause instanceof LoginUnauthorizedException) {
            return asJson(createFailureBean(Status.UNAUTHORIZED, "Unauthorized request.")).httpStatus(HTTP_UNAUTHORIZED);
        }
        return asJson(createFailureBean(Status.BAD_REQUEST, createMessage(resource, cause))).httpStatus(HTTP_BAD_REQUEST);
    }

        // Full NTLM handshake testing would require more complex mocking

        // Arrange - Mock a server that supports NTLM
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized", Collections.singletonMap("WWW-Authenticate", Collections.singletonList("NTLM")),
                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake

        assertDoesNotThrow(() -> ntlmServlet.init(servletConfig));
    }

    /**
     * Test the service method when no Authorization header is present and no session exists.
     * Expects a 401 Unauthorized response with NTLM and Basic authentication challenges.
     * @throws ServletException
     * @throws IOException
     */
    @Test
    void testService_NoAuthHeader_NoSession() throws ServletException, IOException {

  /**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *

For the simplest cases, you can use HTTP Basic Auth.

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

If it doesn't see an `Authorization` header, or the value doesn't have a `Bearer ` token, it will respond with a 401 status code error (`UNAUTHORIZED`) directly.

You don't even have to check if the token exists to return an error. You can be sure that if your function is executed, it will have a `str` in that token.

You can try it already in the interactive docs:

        if (!requestManager.findUserBean(FessUserBean.class).map(user -> user.hasRoles(acceptedRoles)).orElse(Boolean.FALSE)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized access: " + request.getServletPath());
            return;
        }

        try {
            getSessionManager().getAttribute(Constants.SEARCH_ENGINE_API_ACCESS_TOKEN, String.class).ifPresent(token -> {

        /** Bad request status indicating client error. */
        BAD_REQUEST(1),
        /** System error status indicating server error. */
        SYSTEM_ERROR(2),
        /** Unauthorized status indicating authentication failure. */
        UNAUTHORIZED(3),
        /** General failure status. */
        FAILED(9);

        private final int id;

        Status(final int id) {
            this.id = id;
        }