"/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Basic"
    assert response.json() == {"detail": "Not authenticated"}


def test_security_http_basic_non_basic_credentials():
    payload = b64encode(b"johnsecret").decode("ascii")
    auth_header = f"Basic {payload}"

    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Digest"


def test_security_http_digest_incorrect_scheme_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Other invalidauthorization"}
    )
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}

    @Size(max = 1000)
    public String spnegoLoginServerModule;

    /** SPNEGO pre-authentication username. */
    @Size(max = 1000)
    public String spnegoPreauthUsername;

    /** SPNEGO pre-authentication password. */
    @Size(max = 1000)
    public String spnegoPreauthPassword;

    /** Enable or disable SPNEGO basic authentication. */
    @Size(max = 10)
    public String spnegoAllowBasic;

     * hashes. This is used exclusively by the {@code jcifs.http.NtlmSsp}
     * class which is in turn used by NTLM HTTP authentication functionality.
     *
     * @param domain the authentication domain
     * @param username the username to authenticate with
     * @param challenge the server challenge bytes
     * @param ansiHash the ANSI password hash
     * @param unicodeHash the Unicode password hash

- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem

        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(filterChain, never()).doFilter(any(), any());
    }

    @Test
    void testDoFilter_skipAuthentication() throws Exception {
        // Initialize filter first
        initializeFilter();

        // Test skip authentication mode
        when(request.getHeader("Authorization")).thenReturn(null);

{* ../../docs_src/security/tutorial003_an_py310.py hl[58:66,69:74,94] *}

/// info

The additional header `WWW-Authenticate` with value `Bearer` we are returning here is also part of the spec.

Any HTTP (error) status code 401 "UNAUTHORIZED" is supposed to also return a `WWW-Authenticate` header.

	errAccessKeyDisabled  = errors.New("The access key you provided is disabled")
	errAuthentication     = errors.New("Authentication failed, check your access credentials")
	errNoAuthToken        = errors.New("JWT token missing")
	errSkewedAuthTime     = errors.New("Skewed authentication date/time")
	errMalformedAuth      = errors.New("Malformed authentication input")
)

func authenticateNode(accessKey, secretKey string) (string, error) {

            throws AuthenticationException {
        return null;
    }

    /**
     * Authenticates using the form scheme.
     * @param credentials The credentials.
     * @param executor The executor for HTTP requests.
     */
    public void authenticate(final Credentials credentials,
            final BiConsumer<ClassicHttpRequest, BiConsumer<ClassicHttpResponse, HttpEntity>> executor) {

def test_security_http_base_no_credentials():
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Other"


def test_openapi_schema():
    response = client.get("/openapi.json")
    assert response.status_code == 200, response.text
    assert response.json() == snapshot(
        {