/**
     * Sets the certificate to be valid in ```[notBefore..notAfter]```. Both endpoints are specified
     * in the format of [System.currentTimeMillis]. Specify -1L for both values to use the default
     * interval, 24 hours starting when the certificate is created.
     */
    fun validityInterval(
      notBefore: Long,
      notAfter: Long,
    ) = apply {
      require(notBefore <= notAfter && notBefore == -1L == (notAfter == -1L)) {

    // Configurable key rotation limits with defaults
    private volatile long keyRotationBytesLimit = 1L << 30; // Default: 1GB
    private volatile long keyRotationTimeLimit = 24 * 60 * 60 * 1000L; // Default: 24 hours

    // Rotation metrics
    private final AtomicLong totalKeyRotations = new AtomicLong(0);
    private final AtomicLong lastKeyRotationTime = new AtomicLong(0);

    /**

Clients might rely on the platform certificates and servers might use a private
organization-specific certificate authority.

By default `HeldCertificate` instances expire after 24 hours. Use `duration()` to adjust.

By default server certificates need to identify which hostnames they're trusted for. You may add as
many as necessary with `addSubjectAlternativeName()`. This mechanism also supports a very limited

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

     */
    @Resource
    protected FessConfig fessConfig;

    /**
     * Time interval in milliseconds after which jobs are considered expired.
     * Default is 2 hours (2 * 60 * 60 * 1000L).
     */
    protected long expiredJobInterval = 2 * 60 * 60 * 1000L; // 2hours

    /**
     * Retrieves a paginated list of job logs based on the provided pager configuration.
     *

        // Test with cross-midnight rule
        IntervalRule crossRule = new IntervalRule("22:00", "02:00", "1", 1000); // Sunday only
        // For cross-midnight rule, when checking early morning hours (1:30), it checks day+1
        // day=8 becomes day=1, so day+1=2, which is Monday (not Sunday)
        assertFalse(crossRule.isTarget(1, 30, 8)); // Should be treated as day 1 (Sunday), checking day+1=2 (Monday)
    }

- Temporary credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, MinIO no longer recognizes them or allows any kind of access from API requests made with them.

    private static final long TEST_CREATE_TIME = System.currentTimeMillis() - 86400000L; // 1 day ago
    private static final long TEST_LAST_ACCESS_TIME = System.currentTimeMillis() - 43200000L; // 12 hours ago
    private static final long TEST_LAST_WRITE_TIME = System.currentTimeMillis() - 3600000L; // 1 hour ago
    private static final long TEST_CHANGE_TIME = System.currentTimeMillis(); // now

            this.netbiosLookupRespLimit = Config.getInt(p, "jcifs.netbios.lookupRespLimit", 3);
            this.netbiosCacheTimeout = Config.getInt(p, "jcifs.netbios.cachePolicy", 60 * 10) * 60; /* 10 hours */

            if (this.realm == null) {
                this.realm = "jCIFS";
            }

            this.transportContext = new BaseContext(new PropertyConfiguration(p));

  - Add and Save

- Go to Clients
  - Click on `account`
  - Settings, set `Valid Redirect URIs` to `*`, expand `Advanced Settings` and set `Access Token Lifespan` to `1 Hours`
  - Save

- Go to Clients
  - Click on `account`
  - Mappers
  - Create
    - `Name` with any text
    - `Mapper Type` is `User Attribute`
    - `User Attribute` is `policy`