2018/12/26 17:49:36 listening on http://localhost:8888/
```

This will open the login page of keycloak, upon successful login, STS credentials along with any buckets discovered using the credentials will be printed on the screen, for example:

```
{
  "buckets": [
    "bucket-x"
  ],
  "credentials": {
    "AccessKeyID": "6N2BALX7ELO827DXS3GK",
    "SecretAccessKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR+xxx",

        when(config.getMaxRequestRetries()).thenReturn(2);
        when(config.isTraceResourceUsage()).thenReturn(false);
        // Mock credentials to avoid NullPointerException
        when(ctx.getCredentials()).thenReturn(credentials);
        when(credentials.getUserDomain()).thenReturn("DOMAIN");
        // Mock DFS resolver
        when(ctx.getDfs()).thenReturn(dfsResolver);
    }

> password: password

and then click "Grant access"

On the browser now you shall see the list of buckets output, along with your temporary credentials obtained from MinIO.

```
{
 "buckets": [
  "dl.minio.equipment",
  "dl.minio.service-fulfillment",
  "testbucket"
 ],
 "credentials": {
  "AccessKeyID": "Q31CVS1PSCJ4OTK2YVEM",
  "SecretAccessKey": "rmDEOKARqKYmEyjWGhmhLpzcncyu7Jf8aZ9bjDic",

	// Validation of credentials
	if conf.AccessKey == "" || conf.SecretKey == "" {
		return nil, errors.New("both access and secret keys are required")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	u, err := url.Parse(conf.Endpoint)
	if err != nil {
		return nil, err
	}

	creds := credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")

     * server, its credentials will be updated to match the values from the server specification. Repositories without a
     * matching server will have their credentials cleared. Note: This method must be called after
     * {@link #injectMirror(List, List)} or the repositories will end up with the wrong credentials.
     *

     *
     * @param req
     *            The request being serviced.
     * @param resp
     *            The response.
     * @param challenge
     *            The domain controller challenge.
     * @return credentials passed in the servlet request
     * @throws IOException
     *             If an IO error occurs.
     */

    }

    /**
     * Authenticate arbitrary credentials represented by the
     * <code>NtlmPasswordAuthentication</code> object against the domain controller
     * specified by the <code>UniAddress</code> parameter. If the credentials are
     * not accepted, an <code>SmbAuthException</code> will be thrown. If an error
     * occurs an <code>SmbException</code> will be thrown. If the credentials are

        // Use a fresh context to avoid affecting previous tests
        CIFSContext ctx2 = mock(CIFSContext.class);
        Configuration config2 = mock(Configuration.class);
        Credentials creds2 = mock(Credentials.class);
        NameServiceClient nsc2 = mock(NameServiceClient.class);
        when(ctx2.getConfig()).thenReturn(config2);
        when(ctx2.getCredentials()).thenReturn(creds2);

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network

 */
package jcifs.context;

import java.net.MalformedURLException;
import java.net.URLStreamHandler;

import jcifs.BufferCache;
import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.Credentials;
import jcifs.DfsResolver;
import jcifs.NameServiceClient;
import jcifs.SidResolver;
import jcifs.SmbPipeResource;
import jcifs.SmbResource;
import jcifs.SmbTransportPool;
import jcifs.netbios.NameServiceClientImpl;