filippo.io/edwards25519 v1.1.0 // indirect
	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect

        final String[] arr = new String[4];
        final long expiration = System.currentTimeMillis() + Dfs.TTL * 1000;

        int di = 0;
        for (;;) {
            /* NTLM HTTP Authentication must be re-negotiated
             * with challenge from 'server' to access DFS vol. */
            dr.resolveHashes = auth.hashesExternal;
            dr.ttl = resp.referrals[di].ttl;

        byte[] encrypted = storage.encryptCredentials(plaintext);

        // Tamper with the encrypted data
        encrypted[encrypted.length - 1] ^= 0xFF;

        // Should throw exception due to authentication tag failure
        assertThrows(GeneralSecurityException.class, () -> {
            storage.decryptCredentials(encrypted);
        }, "Should throw GeneralSecurityException when decrypting tampered data");

        }
        return isBind;
    }

    /**
     * Authenticates a user with the specified username and password against LDAP.
     *
     * @param username the username for authentication
     * @param password the password for authentication
     * @return an optional containing the authenticated user if successful, empty otherwise
     */
    public OptionalEntity<FessUser> login(final String username, final String password) {

	authTypePostPolicy
	authTypeStreamingSigned
	authTypeSigned
	authTypeSignedV2
	authTypeJWT
	authTypeSTS
	authTypeStreamingSignedTrailer
	authTypeStreamingUnsignedTrailer
)

// Get request authentication type.
func getRequestAuthType(r *http.Request) (at authType) {
	if r.URL != nil {
		var err error
		r.Form, err = url.ParseQuery(r.URL.RawQuery)
		if err != nil {
			authNLogIf(r.Context(), err)

  - Promoted the `ServiceAccountTokenPodNodeInfo` feature to GA, which adds the node name and uid as claims into service account tokens mounted into running pods, and embeds that information as `authentication.kubernetes.io/node-name` and `authentication.kubernetes.io/node-uid` user extra info when the token is used

import org.codelibs.fess.crawler.exception.CrawlerSystemException;
import org.codelibs.fess.exception.CommandExecutionException;
import org.codelibs.fess.opensearch.user.exentity.User;

/**
 * Authentication chain implementation that executes external commands for user operations.
 * Provides user management through command-line tool execution for password changes and user deletion.
 */

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * API manager for search engine administrative operations.
 * Provides secure access to search engine APIs through authentication and token-based authorization.
 */
public class SearchEngineApiManager extends BaseApiManager {
    private static final String ADMIN_SERVER = "/admin/server_";

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.

        assertDoesNotThrow(() -> spiedConnection.getResponseCode());
        assertDoesNotThrow(() -> spiedConnection.getInputStream());
    }

    /**
     * Test a successful NTLM authentication handshake.
     * This is a simplified test that verifies the basic flow without full NTLM protocol simulation.
     * @throws IOException
     * @throws SecurityException
     */
    @Test