*     .build();
 * ```
 *
 * The proxy authenticator may implement preemptive authentication, reactive authentication, or
 * both.
 *
 * Applications may configure OkHttp with an authenticator for origin servers, or proxy servers,
 * or both.
 *
 * ## Authentication Retries
 *
 * If your authentication may be flaky and requires retries you should apply some policy

        /** User's computed permissions. */
        protected volatile String[] permissions;

        /** Entra ID authentication result. */
        protected IAuthenticationResult authResult;

        /**
         * Constructs an Entra ID user with the authentication result.
         * @param authResult The authentication result from Entra ID.
         */
        public EntraIdUser(final IAuthenticationResult authResult) {

import org.lastaflute.web.login.credential.LoginCredential;

/**
 * SPNEGO authentication credential implementation.
 *
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the
 * SPNEGO authentication process, typically from a Kerberos ticket.
 */

     * @param tc the CIFS context containing credentials
     * @throws CIFSException if an error occurs during authentication
     * @deprecated functionality is broken and will be removed at some point,
     *             use actual Active Directory authentication instead
     */
    @Deprecated
    void logon(CIFSContext tc, Address dc) throws CIFSException;

    /**

			Secret:      true,
		},
		config.HelpKV{
			Key:         ClientCert,
			Description: "mTLS certificate for webhook authentication",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         ClientKey,
			Description: "mTLS certificate key for webhook authentication",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{

    @Size(max = 1000)
    public String spnegoLoginServerModule;

    /** SPNEGO pre-authentication username. */
    @Size(max = 1000)
    public String spnegoPreauthUsername;

    /** SPNEGO pre-authentication password. */
    @Size(max = 1000)
    public String spnegoPreauthPassword;

    /** Enable or disable SPNEGO basic authentication. */
    @Size(max = 10)
    public String spnegoAllowBasic;

import org.dbflute.optional.OptionalEntity;

import jakarta.annotation.Resource;

/**
 * Service class for managing web authentication configurations.
 * Provides CRUD operations for web authentication settings including
 * listing, retrieving, storing, and deleting authentication configurations.
 */
public class WebAuthenticationService {

    /**
     * Default constructor.
     */

                be `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, with OpenID
                Connect or in a cookie).
                """
            ),
        ] = True,
    ):
        self.model = OpenIdConnectModel(

- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem

                be `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, with OAuth2
                or in a cookie).
                """
            ),
        ] = True,
    ):
        self.model = OAuth2Model(