import static org.mockito.Mockito.when;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;

	<component name="userInfoHelper" class="org.codelibs.fess.helper.UserInfoHelper">
	</component>
	<component name="authenticationManager" class="org.codelibs.fess.auth.AuthenticationManager">
		<!--
		<postConstruct name="addChain">
			<arg>
				<component class="org.codelibs.fess.auth.chain.CommandChain">
					<property name="updateCommand">[
					"/usr/sbin/htpasswd",
					"-b",
					"/tmp/test.txt",
					"$USERNAME",
					"$PASSWORD"

    }

    @Override
    public Kerb5Authenticator clone() {
        Kerb5Authenticator auth = new Kerb5Authenticator(getSubject());
        cloneInternal(auth, this);
        return auth;
    }

    /**
     * Clone the context
     *
     * @param to the target authenticator
     * @param from the source authenticator
     */

        }

        // consider the username&password because a repo manager might block artifacts depending on authorization
        Authentication auth = repository.getAuthentication();
        if (auth != null) {
            int hash = (auth.getUsername() + auth.getPassword()).hashCode();
            buffer.append(hash).append('@');
        }

import org.lastaflute.web.response.HtmlResponse;
import org.lastaflute.web.util.LaRequestUtil;

import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpTransport;

 * for (Challenge challenge : response.challenges()) {
 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
 *     return response.request().newBuilder()
 *         .header("Proxy-Authorization", "secret")
 *         .build();
 *   }
 * }
 * return null; // Didn't find a preemptive auth scheme.
 * ```
 *
 * ## Reactive Authentication
 *

   * Otherwise this returns an empty list of challenges.
   *
   * If a challenge uses the `token68` variant instead of auth params, there is exactly one
   * auth param in the challenge at key null. Invalid headers and challenges are ignored.
   * No semantic validation is done, for example that `Basic` auth must have a `realm`
   * auth param, this is up to the caller that interprets these challenges.
   */
  fun challenges(): List<Challenge> {

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.auth;

import static org.codelibs.core.stream.StreamUtil.stream;

import org.apache.commons.lang3.ArrayUtils;
import org.codelibs.core.stream.StreamUtil.StreamOf;
import org.codelibs.fess.auth.chain.AuthenticationChain;
import org.codelibs.fess.opensearch.user.exentity.User;

/**

                ssn.removeAttribute("NtlmHttpChal");
            } else {
                final String auth = new String(Base64.decode(msg.substring(6)), "US-ASCII");
                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {

- Disallow `k8s.io` and `kubernetes.io` namespaced extra key in structured authentication configuration. ([#126553](https://github.com/kubernetes/kubernetes/pull/126553), [@aramase](https://github.com/aramase)) [SIG Auth]