labels.menu_label_type=Label
labels.menu_key_match=Key Match
labels.menu_boost_document_rule=Document Boost
labels.menu_path_mapping=Path Mapping
labels.menu_web_authentication=Web Authentication
labels.menu_file_authentication=File Authentication
labels.menu_request_header=Request Header
labels.menu_duplicate_host=Duplicate Host
labels.menu_user=User
labels.menu_role=Role
labels.menu_group=Group
labels.menu_suggest=Suggest

```

Refer [Prometheus documentation](https://prometheus.io/docs/introduction/first_steps/) for more details.

### 2. Configure authentication type for Prometheus metrics

MinIO supports two authentication modes for Prometheus either `jwt` or `public`, by default MinIO runs in `jwt` mode. To allow public access without authentication for prometheus metrics set environment as follows.

```
export MINIO_PROMETHEUS_AUTH_TYPE="public"
minio server ~/test

        repositorySystem.injectAuthentication(Arrays.asList(repository), Arrays.asList(server));
        Authentication authentication = repository.getAuthentication();
        assertNotNull(authentication);
        assertEquals("jason", authentication.getUsername());
        assertEquals("abc123", authentication.getPassword());
    }

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network
* and the application doesn't have any authentication, it expects that any request from the same network can be trusted.

## Example Attack { #example-attack }

    /**
     * Handles the help page request and renders the help interface.
     * This method performs authentication checks and sets up the necessary
     * form parameters and rendering data for the help page display.
     *
     * @return HtmlResponse containing the rendered help page or redirect to login if authentication is required
     */
    @Execute
    public HtmlResponse index() {
        if (isLoginRequired()) {

 */
package org.codelibs.fess.app.web.admin.webauth;

/**
 * The search form for Web Authentication.
 */
public class SearchForm {

    /**
     * Default constructor for SearchForm.
     */
    public SearchForm() {
    }

    /**
     * The ID field for searching web authentication settings.
     */
    public String id;

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT: There is no console UI integration for this method of authentication and it is intended primarily for machine authentication.

        parse(material);
    }

    /**
     * Returns the supplied authentication domain.
     *
     * @return A <code>String</code> containing the supplied domain.
     */
    public String getSuppliedDomain() {
        return suppliedDomain;
    }

    /**
     * Sets the supplied authentication domain for this message.
     *
     * @param suppliedDomain The supplied domain for this message.

import org.codelibs.fess.app.web.api.admin.BaseSearchBody;

/**
 * Search request body for file authentication administration API.
 */
public class SearchBody extends BaseSearchBody {

    /**
     * Default constructor.
     */
    public SearchBody() {
        super();
    }

    /** File authentication configuration ID */
    public String id;

        return Objects.equals(s1, s2);
    }

    @Override
    public Authentication getAuthentication() {
        return authentication;
    }

    @Override
    public void setAuthentication(Authentication authentication) {
        this.authentication = authentication;
    }

    @Override
    public Proxy getProxy() {
        return proxy;
    }