<exclude>%regex[.*Tester.class]</exclude>
              <!-- Anonymous TestCase subclasses in GeneratedMonitorTest -->
              <exclude>%regex[.*[$]\d+.class]</exclude>
            </excludes>
            <redirectTestOutputToFile>true</redirectTestOutputToFile>

 *
 * Warning: Do not use this if there is a chance that you might have multiple connections (even plain
 * HttpURLConnections, for the complete JRE) to the same host with different or mixed anonymous/authenticated
 * credentials. Authenticated connections can/will be reused.
 *
 * @deprecated This is broken by design, even a possible vulnerability. Deprecation is conditional on whether future JDK

            final String user, final String workstation, final int flags) throws GeneralSecurityException, CIFSException {
        // keep old behavior of anonymous auth when no password is provided
        this(tc, type2, targetName, password, domain, user, workstation, flags, false);
    }

    /**
     * Creates a Type-3 message in response to the given Type-2 message.
     *

            tree.treeConnect(null, null);
        } catch (final SmbAuthException sae) {
            NtlmPasswordAuthentication a;
            SmbSession ssn;

            if (share == null) { // IPC$ - try "anonymous" credentials
                ssn = trans.getSmbSession(NtlmPasswordAuthentication.NULL);
                tree = ssn.getSmbTree(null, null);

  static <T extends @Nullable Object> UnmodifiableListIterator<T> emptyListIterator() {
    return (UnmodifiableListIterator<T>) ArrayItr.EMPTY;
  }

  /**
   * This is an enum singleton rather than an anonymous class so ProGuard can figure out it's only
   * referenced by emptyModifiableIterator().
   */
  private enum EmptyModifiableIterator implements Iterator<Object> {
    INSTANCE;

    @Override

	// initiate anonymous HTTP request to fetch the object which does not exist. We need to return AccessDenied.
	response, err = s.client.Get(getGetObjectURL(s.endPoint, bucketName, objectName+".1"))
	c.Assert(err, nil)
	// assert the http response status code.
	verifyError(c, response, "AccessDenied", "Access Denied.", http.StatusForbidden)

    - `kubectl create clusterrolebinding anonymous-discovery --clusterrole=system:discovery --group=system:unauthenticated`
    - `kubectl create clusterrolebinding anonymous-access-review --clusterrole=system:basic-user --group=system:unauthenticated`

## Changes to Major Components
### API Server
* **`--anonymous-auth` is enabled by default, unless the API server is started with the `AlwaysAllow` authorizer. ([#38706](https://github.com/kubernetes/kubernetes/pull/38706), [@deads2k](https://github.com/deads2k))**

- Kube-apiserver: fixes a 1.32+ regression validating OIDC and anonymous authentication flags are mutually exclusive to authentication configuration. Fixes an issue where the kube-apiserver `/flagz` endpoint would not respond correctly with parsed flags value. ([#130332](https://github.com/kubernetes/kubernetes/pull/130332),...

        .build()
    server.useHttps(serverCertificates.sslSocketFactory())
    executeSynchronously("/")
      .assertFailureMatches("(?s)Hostname localhost not verified.*")
  }

  /**
   * Anonymous cipher suites were disabled in OpenJDK because they're rarely used and permit
   * man-in-the-middle attacks. https://bugs.openjdk.java.net/browse/JDK-8212823
   */
  @Test
  fun anonCipherSuiteUnsupported() {