* (And even if annotations on local variables were permitted as an optional hint, no annotation
   * would be the right tool for the job here: {@code @Nullable} is the annotation that we're trying
   * to get rid of, and {@code @NonNull} would be wrong for our use case for the same reason as
   * {@code requireNonNull}: Our use case is the one in which {@code T} has parametric nullness—and

        // Constructor accepts null principal without throwing exception
        NtlmHttpServletRequest request = new NtlmHttpServletRequest(mockRequest, null);

        // getRemoteUser() will throw NPE when trying to call getName() on null principal
        assertThrows(NullPointerException.class, () -> request.getRemoteUser());
        assertNull(request.getUserPrincipal());
        assertEquals("NTLM", request.getAuthType());
    }

      this.a = "x";
      this.b = b;
    }

    // keep trying
    @Keep
    static GoodEquals create(int a, int b) {
      throw new RuntimeException();
    }

    // Good!
    static GoodEquals create(String a, int b) {
      return new GoodEquals(a, b);
    }

    // keep trying
    @Keep
    public static @Nullable GoodEquals createMayReturnNull(int a, int b) {

     * @param size the desired length of the resulting hex string (will be left-padded with zeros)
     * @return a hexadecimal string representation of the value, padded to the specified size
     */
    public static String toHexString(final int val, final int size) {
        final char[] c = new char[size];
        toHexChars(val, c, 0, size);
        return new String(c);
    }

    /**

    // The task thread waits for the latch, so we expect a timeout here.
    try {
      future.get(20, MILLISECONDS);
      fail("Should have timed out trying to get the value.");
    } catch (TimeoutException expected) {
    } finally {
      latch.countDown();
    }
  }

  /**
   * Tests that a canceled future throws a cancellation exception.
   *

 *     [RealConnection.isEligible] for details.
 *
 *  3. Attempt plans from prior connect attempts for this call. These occur as either follow-ups to
 *     failed connect attempts (such as trying the next [ConnectionSpec]), or as attempts that lost
 *     a race in fast follow-up.
 *
 *  4. If there's no existing connection, make a list of routes (which may require blocking DNS

    // The task thread waits for the latch, so we expect a timeout here.
    try {
      future.get(20, MILLISECONDS);
      fail("Should have timed out trying to get the value.");
    } catch (TimeoutException expected) {
    } finally {
      latch.countDown();
    }
  }

  /**
   * Tests that a canceled future throws a cancellation exception.
   *

     * 3 - disconnecting
     */
    int connectionState;
    int tid;

    String share;
    String service = "?????";
    String service0;
    SmbSession session;
    boolean inDfs, inDomainDfs;
    int tree_num; // used by SmbFile.isOpen

    SmbTree(final SmbSession session, final String share, final String service) {
        this.session = session;
        this.share = share.toUpperCase();

public class ContentNotFoundExceptionTest extends UnitFessTestCase {

    public void test_constructor_withValidUrls() {
        // Test with normal URLs
        String parentUrl = "http://example.com/parent";
        String url = "http://example.com/child";
        ContentNotFoundException exception = new ContentNotFoundException(parentUrl, url);

        assertNotNull(exception);

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.