*
     * @param req
     *            The request being serviced.
     * @param resp
     *            The response.
     * @param challenge
     *            The domain controller challenge.
     * @return credentials passed in the servlet request
     * @throws IOException
     *             If an IO error occurs.
     */

	"encoding/hex"
	"io"
	"net/http"
	"net/url"
	"time"

	"github.com/klauspost/compress/gzhttp"
	"github.com/lithammer/shortuuid/v4"
	miniogo "github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/credentials"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"

	"github.com/minio/minio/internal/auth"
	levent "github.com/minio/minio/internal/config/lambda/event"
	"github.com/minio/minio/internal/hash/sha256"

	// Validation of credentials
	if conf.AccessKey == "" || conf.SecretKey == "" {
		return nil, errors.New("both access and secret keys are required")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	u, err := url.Parse(conf.Endpoint)
	if err != nil {
		return nil, err
	}

	creds := credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")

     * server, its credentials will be updated to match the values from the server specification. Repositories without a
     * matching server will have their credentials cleared. Note: This method must be called after
     * {@link #injectMirror(List, List)} or the repositories will end up with the wrong credentials.
     *

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


@needs_py310
def test_incorrect_token_type(client: TestClient):
    response = client.get(

            final Credentials credentials = getInitParameter(PROXY_CREDENTIALS_PROPERTY, proxyCredentials, Credentials.class);
            if (credentials != null) {
                credentialsProvider.setCredentials(new AuthScope(proxyHost, proxyPort), credentials);

def test_incorrect_token():
    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


def test_incorrect_token_type():
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )

	return &PolicySys{}
}

func getSTSConditionValues(r *http.Request, lc string, cred auth.Credentials) map[string][]string {
	m := make(map[string][]string)
	if d := r.Form.Get("DurationSeconds"); d != "" {
		m["DurationSeconds"] = []string{d}
	}
	return m
}

func getConditionValues(r *http.Request, lc string, cred auth.Credentials) map[string][]string {
	currTime := UTCNow()

	var (
		username = cred.AccessKey

          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.java }}
          distribution: 'temurin'
#          cache: 'maven' - don't use cache for integration tests

      - uses: actions/checkout@v4
        with:
          path: maven/
          persist-credentials: false

      - name: Set up Maven

public class NtlmNtHashAuthenticator extends NtlmPasswordAuthenticator {

    private static final long serialVersionUID = 4328214169536360351L;
    private final byte[] ntHash;


    /**
     * Create username/password credentials with specified domain
     * 
     * @param domain
     * @param username
     * @param passwordHash
     *            NT password hash
     */