assertEscaping(xmlEscaper, "\uFFFD", '\uFFFF');

    assertEquals(
        "0xFFFE is forbidden and should be replaced during escaping",
        "[\uFFFD]",
        xmlEscaper.escape("[\ufffe]"));
    assertEquals(
        "0xFFFF is forbidden and should be replaced during escaping",
        "[\uFFFD]",
        xmlEscaper.escape("[\uffff]"));
  }

   * with {@code FeatureSpecificTestSuiteBuilder.suppressing()} until <a
   * href="https://bugs.openjdk.org/browse/JDK-6409434">JDK-6409434</a> is fixed. It's unclear
   * whether nulls were to be permitted or forbidden, but presumably the eventual fix will be to
   * permit them, as it seems more likely that code would depend on that behavior than on the other.
   * Thus, we say the bug is in add(), which fails to support null.
   */

   * with {@code FeatureSpecificTestSuiteBuilder.suppressing()} until <a
   * href="https://bugs.openjdk.org/browse/JDK-6409434">JDK-6409434</a> is fixed. It's unclear
   * whether nulls were to be permitted or forbidden, but presumably the eventual fix will be to
   * permit them, as it seems more likely that code would depend on that behavior than on the other.
   * Thus, we say the bug is in add(), which fails to support null.
   */

The keys "exp", "parent" and "sub" in the `claims` object are reserved and if present are ignored by MinIO.

If the token is not valid or access is not approved, the plugin must return a `403` (forbidden) HTTP status code. The body must have an `application/json` content-type with the following structure:

```json
{
    "reason": <string>
}
```

The reason message is returned to the client.

   * with {@code FeatureSpecificTestSuiteBuilder.suppressing()} until <a
   * href="https://bugs.openjdk.org/browse/JDK-6409434">JDK-6409434</a> is fixed. It's unclear
   * whether nulls were to be permitted or forbidden, but presumably the eventual fix will be to
   * permit them, as it seems more likely that code would depend on that behavior than on the other.
   * Thus, we say the bug is in set(), which fails to support null.
   */

 *   /|\      |
 *  / | \     f
 * a  b  c
 * }
 *
 * <p>can be iterated over in preorder (hdabcegf), postorder (abcdefgh), or breadth-first order
 * (hdegabcf).
 *
 * <p>Null nodes are strictly forbidden.
 *
 * <p>Because this is an abstract class, not an interface, you can't use a lambda expression to
 * implement it:
 *
 * {@snippet :
 * // won't work

	message := googleAPIErr.Errors[0].Message

	switch reason {
	case "required":
		// Anonymous users does not have storage.xyz access to project 123.
		fallthrough
	case "keyInvalid":
		fallthrough
	case "forbidden":
		err = PrefixAccessDenied{
			Bucket: bucket,
			Object: object,
		}
	case "invalid":
		err = BucketNameInvalid{
			Bucket: bucket,
		}
	case "notFound":
		if object != "" {

 *   /|\      |
 *  / | \     f
 * a  b  c
 * }
 *
 * <p>can be iterated over in preorder (hdabcegf), postorder (abcdefgh), or breadth-first order
 * (hdegabcf).
 *
 * <p>Null nodes are strictly forbidden.
 *
 * <p>Because this is an abstract class, not an interface, you can't use a lambda expression to
 * implement it:
 *
 * {@snippet :
 * // won't work