* MSIE clients using NTLM SSP. This is similar to {@code Authentication:
 * BASIC} but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for complete details.
 */

/**
 * An HTTP servlet filter that provides NTLM authentication support for SMB1 protocol.

        ntlmServlet.service(request, response);

        // Verify that no authentication challenge is sent
        verify(response, never()).setHeader(eq("WWW-Authenticate"), anyString());
        verify(response, never()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Helper method to set up common mocks required for authentication tests.
     * @throws CIFSException
     */

import jakarta.annotation.Resource;

/**
 * Service class for managing user operations in the Fess search system.
 * This service provides CRUD operations for user management, including user authentication,
 * password management, and user listing with pagination support.
 *
 */
public class UserService {

    private static final Logger logger = LogManager.getLogger(UserService.class);

    /**

import org.lastaflute.web.response.ActionResponse;

/**
 * Manager class for coordinating SSO (Single Sign-On) authentication operations.
 *
 * This class serves as the central coordinator for SSO authentication in Fess.
 * It manages registered SSO authenticators, determines when SSO is available,
 * and delegates authentication operations to the appropriate SSO provider based
 * on the current configuration.
 */
public class SsoManager {

/**
 * FtpAuthentication class holds the authentication information for FTP connections.
 * It includes server address, port number, username, and password.
 * It also provides a method to check if the authentication matches a given FTP path.
 *
 * <p><b>Security Note:</b> This class stores credentials in memory. For security best practices:
 * <ul>

        }

        // Authentication
        final Hc4Authentication[] siteCredentialList = getAuthenticationArray();
        final List<Pair<Hc4FormScheme, Credentials>> formSchemeList = new ArrayList<>();
        for (final Hc4Authentication authentication : siteCredentialList) {
            final AuthScheme authScheme = authentication.getAuthScheme();
            if (authScheme instanceof Hc4FormScheme) {

labels.menu_label_type=Label
labels.menu_key_match=Key Match
labels.menu_boost_document_rule=Document Boost
labels.menu_path_mapping=Path Mapping
labels.menu_web_authentication=Web Authentication
labels.menu_file_authentication=File Authentication
labels.menu_request_header=Request Header
labels.menu_duplicate_host=Duplicate Host
labels.menu_user=User
labels.menu_role=Role
labels.menu_group=Group
labels.menu_suggest=Suggest

```

Refer [Prometheus documentation](https://prometheus.io/docs/introduction/first_steps/) for more details.

### 2. Configure authentication type for Prometheus metrics

MinIO supports two authentication modes for Prometheus either `jwt` or `public`, by default MinIO runs in `jwt` mode. To allow public access without authentication for prometheus metrics set environment as follows.

```
export MINIO_PROMETHEUS_AUTH_TYPE="public"
minio server ~/test

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network
* and the application doesn't have any authentication, it expects that any request from the same network can be trusted.

## Example Attack { #example-attack }

        repositorySystem.injectAuthentication(Arrays.asList(repository), Arrays.asList(server));
        Authentication authentication = repository.getAuthentication();
        assertNotNull(authentication);
        assertEquals("jason", authentication.getUsername());
        assertEquals("abc123", authentication.getPassword());
    }