- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem

import jakarta.annotation.Resource;

/**
 * Service class for managing file authentication configurations.
 * This service provides operations for retrieving, storing, and deleting
 * file authentication settings used by the Fess search engine.
 */
public class FileAuthenticationService {

    /**
     * Default constructor for file authentication service.
     * Creates a new instance with default values.
     */

     * This is used in the negotation of local authentication.
     */
    int NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000;

    /**
     * Indicates whether the OEM-formatted workstation name is supplied
     * in the Type-1 message. This is used in the negotiation of local
     * authentication.
     */
    int NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000;

    /**

import org.apache.logging.log4j.Logger;

/**
 * Holds a map of SMB authentication configurations, allowing retrieval of the appropriate
 * authentication based on a given path.
 *
 * <p>This class manages a collection of {@link SmbAuthentication} objects, each associated
 * with a specific path prefix. When a path is provided, it iterates through the stored
 * authentications to find the one whose path prefix matches the beginning of the given path.

    public String protocolScheme;

    /** The username for file authentication (required, maximum 100 characters). */
    @Required
    @Size(max = 100)
    public String username;

    /** The password for file authentication (maximum 100 characters). */
    @Size(max = 100)
    public String password;

    /** Additional parameters for file authentication (maximum 1000 characters). */
    @Size(max = 1000)

    /**
     * Main SSO authentication endpoint.
     *
     * This method handles the primary SSO authentication flow. It checks if a user
     * is already logged in, attempts SSO authentication, and handles various
     * authentication scenarios including success, failure, and challenge responses.
     *
     * @return ActionResponse directing to the appropriate page based on authentication result
     */
    @Execute

                TimeUnit.MILLISECONDS);

        log.info("Authentication rate limiter initialized: maxAccount={}, maxIp={}, maxGlobal={}/min", maxAttemptsPerAccount,
                maxAttemptsPerIp, maxGlobalAttemptsPerMinute);
    }

    /**
     * Check if authentication attempt is allowed
     *
     * @param username the username attempting authentication
     * @param sourceIp the source IP address

     */
    @Min(0)
    @Max(100000)
    @ValidateTypeFailure
    public Integer purgeSuggestSearchLogDay;

    /**
     * LDAP server URL for authentication.
     * Used when LDAP authentication is enabled.
     */
    @Size(max = 1000)
    public String ldapProviderUrl;

    /**
     * LDAP security principal for binding to the LDAP server.

     * @param host the target host
     * @param initialToken initial authentication token, if any
     * @param doSigning whether message signing should be enabled
     * @return a new SSP authentication context
     * @throws SmbException if context creation fails
     */
    SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException;

    /**

 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.
 * <p>
 * Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
 * the Network Explorer Servlet</a> related information.
 */
@Deprecated
public class NtlmSsp implements NtlmFlags {

    /**