/** Property key for login requirement configuration. */
    public static final String LOGIN_REQUIRED_PROPERTY = "login.required";

    /** Property key for result collapse configuration. */
    public static final String RESULT_COLLAPSED_PROPERTY = "result.collapsed";

    /** Property key for login link enabled configuration. */

import org.codelibs.curl.Curl;
import org.codelibs.curl.CurlResponse;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.EntraIdCredential;
import org.codelibs.fess.app.web.base.login.EntraIdCredential.EntraIdUser;
import org.codelibs.fess.app.web.base.login.FessLoginAssist.LoginCredentialResolver;
import org.codelibs.fess.crawler.Constants;

After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:

    void testGetSubjectLoginFailuresCacheAndRefresh(SubjectVariant variant) throws Exception {
        JAASAuthenticator auth = buildAuthenticator(variant);

        // First call attempts a JAAS login; behavior depends on JAAS configuration
        Subject first = auth.getSubject();

        // Second call should return cached value (same as first)
        Subject second = auth.getSubject();

import org.codelibs.core.beans.util.BeanUtil;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.app.pager.UserPager;
import org.codelibs.fess.app.web.base.login.FessLoginAssist;
import org.codelibs.fess.exception.FessUserNotFoundException;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.opensearch.user.cbean.UserCB;

        assertTrue(exception.getMessage().toLowerCase().contains("logon") || exception.getMessage().toLowerCase().contains("authentication")
                || exception.getMessage().toLowerCase().contains("login") || exception.getMessage().toLowerCase().contains("user")
                || exception.getMessage().toLowerCase().contains("password"));
    }

        context.put("sessionId", "abc123def456");
        context.put("username", "******@****.***");

        logger.logEvent(EventType.AUTHENTICATION_SUCCESS, Severity.INFO, "Login attempt", context);

        // The test verifies that the logger runs without errors when masking is enabled
        Map<EventType, Long> stats = logger.getStatistics();

```properties
labels.system_name=Fess
labels.search=Search
labels.login=Login
labels.logout=Logout
# ... approximately 1,056 more entries
```

**`fess_message_[locale].properties`** contains system messages such as:
```properties
errors.required={0} is required.
errors.minlength={0} cannot be less than {1}.
success.login=Logged in successfully.
# ... approximately 200 more entries
```

      .assertNoMoreLogs()
  }

  @Test
  fun preserveQueryParamsAfterRedacted() {
    url =
      server.url(
        """/api/login?
      |user=test_user&
      |authentication=basic&
      |password=confidential_password&
      |authentication=rather simple login method
        """.trimMargin(),
      )
    val networkInterceptor =
      HttpLoggingInterceptor(networkLogs).setLevel(

        assertArrayEquals(blob, resp.getBlob());
        assertEquals(sessionFlags, resp.getSessionFlags());
        assertTrue(resp.isLoggedInAsGuest(), "Anonymous should be treated as guest login");
    }

    @Test
    @DisplayName("prepare should not set sessionId if not received yet")
    void testPrepareWithoutReceivedDoesNotPropagate() {
        Smb2SessionSetupResponse resp = newResponse();