authTypePostPolicy
	authTypeStreamingSigned
	authTypeSigned
	authTypeSignedV2
	authTypeJWT
	authTypeSTS
	authTypeStreamingSignedTrailer
	authTypeStreamingUnsignedTrailer
)

// Get request authentication type.
func getRequestAuthType(r *http.Request) (at authType) {
	if r.URL != nil {
		var err error
		r.Form, err = url.ParseQuery(r.URL.RawQuery)
		if err != nil {
			authNLogIf(r.Context(), err)

    public void tearDown() {
        if (rateLimiter != null) {
            rateLimiter.close();
        }
    }

    @Test
    public void testNormalAuthentication() throws Exception {
        // Normal authentication should be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "First attempt should be allowed");

        // Record success
        rateLimiter.recordSuccess("user1", "192.168.1.1");

	req, err := newTestRequest(http.MethodPost, resource, 0, nil)
	if err != nil {
		return nil, err
	}

	// management REST API uses signature V4 for authentication.
	err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
	if err != nil {
		return nil, err
	}
	return req, nil
}

// testServicesCmdHandler - parametrizes service subcommand tests on

        assertEquals(300L, config.getDfsTtl());
        assertFalse(config.isDfsConvertToFQDN());
        assertNull(config.getLogonShare());
    }

    @Test
    @DisplayName("Test authentication configuration getters")
    void testAuthenticationConfigurationGetters() {
        assertNull(config.getDefaultDomain());
        assertNull(config.getDefaultUsername());
        assertNull(config.getDefaultPassword());

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.

   */
  public fun useHttps(sslSocketFactory: SSLSocketFactory) {
    this.sslSocketFactory = sslSocketFactory
  }

  /**
   * Configure the server to not perform SSL authentication of the client. This leaves
   * authentication to another layer such as in an HTTP cookie or header. This is the default and
   * most common configuration.
   */
  public fun noClientAuth() {
    this.clientAuth = CLIENT_AUTH_NONE
  }

    client.networkInterceptors().add(loggingInterceptor);
    ```

    **Warning:** Avoid `Level.HEADERS` and `Level.BODY` in production because
    they could leak passwords and other authentication credentials to insecure
    logs.

 *  **WebSocket API now uses `RequestBody` and `ResponseBody` for messages.**
    This is a backwards-incompatible API change.

import org.codelibs.core.misc.Pair;
import org.codelibs.core.stream.StreamUtil;
import org.codelibs.fess.crawler.Constants;

/**
 * The FormScheme class implements the AuthScheme interface to provide
 * form-based authentication for HTTP clients. It handles the process of
 * obtaining a token and logging in using the provided credentials.
 *
 * <p>This class supports both GET and POST methods for token and login

import org.codelibs.fess.crawler.exception.CrawlerSystemException;
import org.codelibs.fess.exception.CommandExecutionException;
import org.codelibs.fess.opensearch.user.exentity.User;

/**
 * Authentication chain implementation that executes external commands for user operations.
 * Provides user management through command-line tool execution for password changes and user deletion.
 */

        }
        return isBind;
    }

    /**
     * Authenticates a user with the specified username and password against LDAP.
     *
     * @param username the username for authentication
     * @param password the password for authentication
     * @return an optional containing the authenticated user if successful, empty otherwise
     */
    public OptionalEntity<FessUser> login(final String username, final String password) {