}

    /**
     * Redirects an authenticated user to the appropriate admin interface based on their roles.
     * Users with admin roles are redirected to the dashboard, while other users are redirected
     * to their designated admin action class or to the root if no specific action is available.
     *
     * @param user the authenticated user bean containing role information

labels.menu_label_type=Label
labels.menu_key_match=Key Match
labels.menu_boost_document_rule=Document Boost
labels.menu_path_mapping=Path Mapping
labels.menu_web_authentication=Web Authentication
labels.menu_file_authentication=File Authentication
labels.menu_request_header=Request Header
labels.menu_duplicate_host=Duplicate Host
labels.menu_user=User
labels.menu_role=Role
labels.menu_group=Group
labels.menu_suggest=Suggest

- Validation: `@Required`, `@Size`, `@ValidateTypeFailure`, `@Pattern`
- Include `crudMode` field for CRUD operations

## Security and Authentication

- `@Secured` annotation with role array (`"admin-user"`, `"admin-user-view"`)
- Role-based query filtering via `RoleQueryHelper`
- Authentication: Local (UserService), LDAP, OIDC, SAML, SPNEGO, Entra ID

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network
* and the application doesn't have any authentication, it expects that any request from the same network can be trusted.

## Example Attack { #example-attack }

    /**
     * Handles the help page request and renders the help interface.
     * This method performs authentication checks and sets up the necessary
     * form parameters and rendering data for the help page display.
     *
     * @return HtmlResponse containing the rendered help page or redirect to login if authentication is required
     */
    @Execute
    public HtmlResponse index() {
        if (isLoginRequired()) {

            }
        }
    }

    private Authentication getAuthentication(AuthenticationSelector selector, ArtifactRepository repository) {
        if (selector != null) {
            RemoteRepository repo = RepositoryUtils.toRepo(repository);
            org.eclipse.aether.repository.Authentication auth = selector.getAuthentication(repo);
            if (auth != null) {

 *   <li>SO_TIMEOUT_PROPERTY: Socket timeout setting.</li>
 *   <li>PROXY_HOST_PROPERTY: Proxy host setting.</li>
 *   <li>PROXY_PORT_PROPERTY: Proxy port setting.</li>
 *   <li>PROXY_AUTH_SCHEME_PROPERTY: Proxy authentication scheme.</li>
 *   <li>PROXY_CREDENTIALS_PROPERTY: Proxy credentials.</li>
 *   <li>USER_AGENT_PROPERTY: User agent string.</li>
 *   <li>ROBOTS_TXT_ENABLED_PROPERTY: Enable or disable robots.txt parsing.</li>

    }

    /**
     * Returns the authentication target.
     *
     * @return A <code>String</code> containing the authentication target.
     */
    public String getTarget() {
        return target;
    }

    /**
     * Sets the authentication target.
     *
     * @param target The authentication target.
     */
    public void setTarget(final String target) {

sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS

 */
package org.codelibs.fess.app.web.admin.webauth;

/**
 * The search form for Web Authentication.
 */
public class SearchForm {

    /**
     * Default constructor for SearchForm.
     */
    public SearchForm() {
    }

    /**
     * The ID field for searching web authentication settings.
     */
    public String id;