/// <exception cref="System.Exception"/>
        public virtual void TestRequestWithAuthorization()
        {
            string              token    = KerberosTestUtils.DoAsClient(new _Callable_225());
            HttpServletRequest  request  = Org.Mockito.Mockito.Mock <HttpServletRequest>();
            HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();

            Org.Mockito.Mockito.When(request.GetHeader(KerberosAuthenticator.Authorization)).
            ThenReturn(KerberosAuthenticator.Negotiate + " " + token);
            Org.Mockito.Mockito.When(request.GetServerName()).ThenReturn("localhost");
            AuthenticationToken authToken = handler.Authenticate(request, response);

            if (authToken != null)
            {
                Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
                                                                                      .WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
                                                                                                                                     " .*"));
                Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
                Assert.Equal(KerberosTestUtils.GetClientPrincipal(), authToken
                             .GetName());
                Assert.True(KerberosTestUtils.GetClientPrincipal().StartsWith(authToken
                                                                              .GetUserName()));
                Assert.Equal(GetExpectedType(), authToken.GetType());
            }
            else
            {
                Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
                                                                                      .WwwAuthenticate), Org.Mockito.Mockito.Matches(KerberosAuthenticator.Negotiate +
                                                                                                                                     " .*"));
                Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScUnauthorized
                                                               );
            }
        }
        /// <summary>
        /// It enforces the the Kerberos SPNEGO authentication sequence returning an
        /// <see cref="AuthenticationToken"/>
        /// only
        /// after the Kerberos SPNEGO sequence has completed successfully.
        /// </summary>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>
        /// an authentication token if the Kerberos SPNEGO sequence is complete and valid,
        /// <code>null</code> if it is in progress (in this case the handler handles the response to the client).
        /// </returns>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     ">thrown if Kerberos SPNEGO sequence failed.</exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                         response)
        {
            AuthenticationToken token = null;
            string authorization      = request.GetHeader(KerberosAuthenticator.Authorization);

            if (authorization == null || !authorization.StartsWith(KerberosAuthenticator.Negotiate
                                                                   ))
            {
                response.SetHeader(WwwAuthenticate, KerberosAuthenticator.Negotiate);
                response.SetStatus(HttpServletResponse.ScUnauthorized);
                if (authorization == null)
                {
                    Log.Trace("SPNEGO starting");
                }
                else
                {
                    Log.Warn("'" + KerberosAuthenticator.Authorization + "' does not start with '" +
                             KerberosAuthenticator.Negotiate + "' :  {}", authorization);
                }
            }
            else
            {
                authorization = Runtime.Substring(authorization, KerberosAuthenticator.Negotiate
                                                  .Length).Trim();
                Base64 base64      = new Base64(0);
                byte[] clientToken = base64.Decode(authorization);
                string serverName  = request.GetServerName();
                try
                {
                    token = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_347(this, serverName
                                                                                           , clientToken, base64, response));
                }
                catch (PrivilegedActionException ex)
                {
                    if (ex.GetException() is IOException)
                    {
                        throw (IOException)ex.GetException();
                    }
                    else
                    {
                        throw new AuthenticationException(ex.GetException());
                    }
                }
            }
            return(token);
        }