[Test] Fix header value assertion for 401 error

x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java

@@ -6,6 +6,7 @@
  */
 package org.elasticsearch.xpack.security.user;
 
+import org.apache.http.Header;
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.action.get.GetAction;
 import org.elasticsearch.action.get.GetRequest;
@@ -26,13 +27,15 @@
 import org.junit.BeforeClass;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 
 import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.hasItems;
 import static org.hamcrest.Matchers.hasKey;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
-import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 
 public class AnonymousUserIntegTests extends SecurityIntegTestCase {
@@ -75,8 +78,11 @@ public void testAnonymousViaHttp() throws Exception {
                 assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
             } else {
                 assertThat(statusCode, is(401));
-                assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
-                assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
+                final List<String> wwwAuthenticateHeaders = Arrays.stream(response.getHeaders())
+                    .filter(header -> "WWW-Authenticate".equalsIgnoreCase(header.getName()))
+                    .map(Header::getValue)
+                    .toList();
+                assertThat(wwwAuthenticateHeaders, hasItems(containsString("Basic"), containsString("ApiKey")));
                 assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
             }
         }