import org.codelibs.core.misc.Pair;
import org.codelibs.core.stream.StreamUtil;
import org.codelibs.fess.crawler.Constants;

/**
 * The FormScheme class implements the AuthScheme interface to provide
 * form-based authentication for HTTP clients. It handles the process of
 * obtaining a token and logging in using the provided credentials.
 *
 * <p>This class supports both GET and POST methods for token and login

import jakarta.servlet.ServletContext;

/**
 * Base action class for admin pages in Fess.
 * <p>
 * This abstract class provides common functionality for all admin actions,
 * including authentication, authorization, and HTML data setup.
 * </p>
 *
 */
public abstract class FessAdminAction extends FessBaseAction {

    /** Constant suffix for view names. */
    public static final String VIEW = "-view";

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;

import jcifs.CIFSException;
import jcifs.smb.PreauthIntegrityService.PreauthIntegrityContext;

/**
 * Comprehensive tests for enhanced pre-authentication integrity service.
 */
public class PreauthIntegrityServiceTest {

    private PreauthIntegrityService preauthService;
    private SecureRandom secureRandom;

    @BeforeEach
    public void setUp() {

 *
 * <p>This client requires the following initialization parameters:
 * <ul>
 *   <li>endpoint - The URL of the S3-compatible server</li>
 *   <li>accessKey - The access key for authentication</li>
 *   <li>secretKey - The secret key for authentication</li>
 *   <li>region - The AWS region (default: us-east-1)</li>
 *   <li>connectTimeout - Connection timeout in milliseconds (default: 10000)</li>

 *
 * <p>This client requires the following initialization parameters:
 * <ul>
 *   <li>endpoint - The URL of the MinIO server</li>
 *   <li>accessKey - The access key for authentication</li>
 *   <li>secretKey - The secret key for authentication</li>
 *   <li>connectTimeout - Connection timeout in milliseconds (default: 10000)</li>
 *   <li>writeTimeout - Write timeout in milliseconds (default: 10000)</li>

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.
   */
  @Throws(IOException::class)

     * however the username can be {@code null} indication anonymous
     * credentials were used (e.g. some IPC$ services).
     */

    /**
     * Returns the principal used for authentication
     *
     * @return the authentication principal
     */
    public Principal getPrincipal() {
        return auth;
    }

    /**
     * Returns the last component of the target URL. This will

var errSessionPolicyTooLarge = errors.New("Session policy should not exceed 2048 characters")

// error returned in SFTP when user used public key without certificate
var errSftpPublicKeyWithoutCert = errors.New("public key authentication without certificate is not accepted")

// error returned in SFTP when user used certificate which does not contain principal(s)

        }
    }

    @Test
    @DisplayName("Should return false if neither renewable nor NTLM authentication succeeds")
    void testRenewCredentials_NoRenewalPossible() {
        // Ensure credentials are not renewable

 * Fix: Drop `Content-Length` header when redirected from POST to GET.
 * Fix: Correctly read cached header entries with malformed header names.
 * Fix: Do not directly support any authentication schemes other than "Basic".
 * Fix: Respect read timeouts on recycled connections.
 * Fix: Transmit multiple cookie values as a single header with delimiter.