import jcifs.CIFSException;

/**
 * Unified authentication provider interface for SMB authentication
 *
 * This interface provides a consistent authentication mechanism across
 * SMB1, SMB2, and SMB3 protocols, addressing the issue of multiple
 * scattered authentication implementations.
 */
public interface AuthenticationProvider {

    /**
     * Authentication type enumeration
     */
    enum AuthType {

 *     .build();
 * ```
 *
 * The proxy authenticator may implement preemptive authentication, reactive authentication, or
 * both.
 *
 * Applications may configure OkHttp with an authenticator for origin servers, or proxy servers,
 * or both.
 *
 * ## Authentication Retries
 *
 * If your authentication may be flaky and requires retries you should apply some policy

import org.dbflute.optional.OptionalEntity;

import jakarta.annotation.Resource;

/**
 * Service class for managing web authentication configurations.
 * Provides CRUD operations for web authentication settings including
 * listing, retrieving, storing, and deleting authentication configurations.
 */
public class WebAuthenticationService {

    /**
     * Default constructor.
     */

import org.lastaflute.web.login.credential.LoginCredential;

/**
 * SPNEGO authentication credential implementation.
 *
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the
 * SPNEGO authentication process, typically from a Kerberos ticket.
 */

     * @param tc the CIFS context containing credentials
     * @throws CIFSException if an error occurs during authentication
     * @deprecated functionality is broken and will be removed at some point,
     *             use actual Active Directory authentication instead
     */
    @Deprecated
    void logon(CIFSContext tc, Address dc) throws CIFSException;

    /**

        // Authentication errors
        AUTHENTICATION_FAILED("Authentication failed", ErrorCategory.AUTHENTICATION, false), ACCESS_DENIED("Access denied",
                ErrorCategory.AUTHENTICATION, false), INVALID_CREDENTIALS("Invalid credentials", ErrorCategory.AUTHENTICATION,
                        false), SESSION_EXPIRED("Session expired", ErrorCategory.AUTHENTICATION, true),

        // File system errors

- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem

                TimeUnit.MILLISECONDS);

        log.info("Authentication rate limiter initialized: maxAccount={}, maxIp={}, maxGlobal={}/min", maxAttemptsPerAccount,
                maxAttemptsPerIp, maxGlobalAttemptsPerMinute);
    }

    /**
     * Check if authentication attempt is allowed
     *
     * @param username the username attempting authentication
     * @param sourceIp the source IP address

     */
    @Min(0)
    @Max(100000)
    @ValidateTypeFailure
    public Integer purgeSuggestSearchLogDay;

    /**
     * LDAP server URL for authentication.
     * Used when LDAP authentication is enabled.
     */
    @Size(max = 1000)
    public String ldapProviderUrl;

    /**
     * LDAP security principal for binding to the LDAP server.

 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.
 * <p>
 * Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
 * the Network Explorer Servlet</a> related information.
 */
@Deprecated
public class NtlmSsp implements NtlmFlags {

    /**