/**
     * Check if these are anonymous credentials.
     * @return whether these are anonymous credentials
     */
    boolean isAnonymous();

    /**
     * Check if these are guest credentials.
     * @return whether these are guest credentials
     */
    boolean isGuest();

        assertEquals("DRguest", permissionHelper.encode("(deny){role}guest"));
        assertEquals("D2guest", permissionHelper.encode("(deny){group}guest"));
        assertEquals("D1guest", permissionHelper.encode("(deny){USER}guest"));
        assertEquals("DRguest", permissionHelper.encode("(deny){ROLE}guest"));
        assertEquals("D2guest", permissionHelper.encode("(deny){GROUP}guest"));

        private final boolean anonymous;
        private final boolean guest;
        private final Subject subject;
        private final boolean failOnRefresh;

        TestCredentials(String domain, boolean anonymous, boolean guest, Subject subject, boolean failOnRefresh) {
            this.domain = domain;
            this.anonymous = anonymous;
            this.guest = guest;
            this.subject = subject;

        assertTrue(fessUserBean.hasRoles(new String[] { "admin", "user" }));
        assertTrue(fessUserBean.hasRoles(new String[] { "guest", "admin" }));

        // Test with no matching roles
        assertFalse(fessUserBean.hasRoles(new String[] { "guest", "viewer" }));

        // Test with multiple roles
        testUser.setRoleNames(new String[] { "admin", "user", "manager" });

        String primaryDomain = (String) getField(obj, "primaryDomain");

        // The actual implementation keeps lowercase for guest when Unicode is not enabled
        assertEquals("guest", accountName);
        assertEquals("DOM", primaryDomain);

        byte[] lm = (byte[]) getField(obj, "lmHash");
        byte[] nt = (byte[]) getField(obj, "ntHash");
        assertArrayEquals(new byte[0], lm);

        assertFalse(auth1.isGuest());
        assertFalse(auth1.isAnonymous());

        // Test guest type with char array
        char[] guestPassword = "GuestPass123!".toCharArray();
        NtlmPasswordAuthenticator auth2 =
                new NtlmPasswordAuthenticator("DOMAIN", "guest", guestPassword, NtlmPasswordAuthenticator.AuthenticationType.GUEST);

        assertTrue(auth2.isGuest());
        assertFalse(auth2.isAnonymous());

        assertTrue(disablePlainTextPasswords, "Should delegate plain text password setting");
        assertEquals("GUEST", guestUsername, "Should delegate guest username");
        assertEquals("", guestPassword, "Should delegate guest password");
        assertFalse(allowGuestFallback, "Should delegate guest fallback setting");

        verify(mockDelegate).getLanManCompatibility();
        verify(mockDelegate).isAllowNTLMFallback();

{"index":{"_index":"fess_user.role","_id":"YWRtaW4="}}
{"name":"admin"}
{"index":{"_index":"fess_user.role","_id":"Z3Vlc3Q="}}

import jcifs.util.SecureKeyManager;
import jcifs.util.Strings;

/**
 * This class stores and encrypts NTLM user credentials.
 *
 * Contrary to {@link NtlmPasswordAuthentication} this does not cause guest authentication
 * when the "guest" username is supplied. Use {@link AuthenticationType} instead.
 *
 * @author mbechler
 */
public class NtlmPasswordAuthenticator implements Principal, CredentialsInternal, Serializable, AutoCloseable {

        bufferIndex += securityBufferLength;

        return bufferIndex - start;
    }

    /**
     * Checks whether the session is either anonymous or a guest session
     *
     * @return whether the session is either anonymous or a guest session
     */
    public boolean isLoggedInAsGuest() {
        return (this.sessionFlags & (SMB2_SESSION_FLAGS_IS_GUEST | SMB2_SESSION_FLAGS_IS_NULL)) != 0;
    }