# - 11 (sometimes) to *download* to support anyone who runs JDiff or our Gradle integration tests (including our doc snapshots and our Java 11 CI test run) but not to use directly
      # - 24 for running Javadoc and javac (to help people who build Guava locally and might not use a recent JDK to run Maven)
      - name: 'Set up JDKs'

     * which hold TGT retrieved from KDC. If multiple TGT are contained, the
     * first one will be used to retrieve user principal.
     *
     * @param subject
     *            represents the user who perform Kerberos authentication.
     *            It contains tickets retrieve from KDC.
     */
    public Kerb5Authenticator(Subject subject) {
        this.subject = subject;
    }

    /**

# AssumeRoleWithClientGrants [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

## Introduction

Returns a set of temporary security credentials for applications/clients who have been authenticated through client credential grants provided by identity provider. Example providers include KeyCloak, Okta etc.

	Source          string // Contains line, function and filename requesting the lock.
	Group           bool   // indicates if it was a group lock.
	Owner           string // Owner represents the UUID of the owner who originally requested the lock.
	Quorum          int    // Quorum represents the quorum required for this lock to be active.
	idx             int    `msg:"-"` // index of the lock in the lockMap.
}

                 * name cached from WINS.
                 *
                 * So, here we apply the source addresses hashCode to each name to
                 * make them specific to who resolved the name.
                 */

                srcHashCode = request.addr.hashCode();
                for (int i = 0; i < response.addressArray.length; i++) {

   * TypeVariableImpl}. Otherwise it throws {@link UnsupportedOperationException}; this should only
   * apply to {@code getAnnotatedBounds()}. This does mean that users on Java who obtain an instance
   * of {@code TypeVariable} from {@link TypeResolver#resolveType} will not be able to call {@code
   * getAnnotatedBounds()} on it, but that should hopefully be rare.
   *

      <activation>
        <property>
          <name>surefire.toolchain.version</name>
          <!-- the value provided by GitHub CI (which maybe we could even change, but supporting "8" seems nice for any users who try pass that value manually) -->
          <value>8</value>
        </property>
      </activation>
      <properties>
        <test.add.opens></test.add.opens>
      </properties>
    </profile>

      <activation>
        <property>
          <name>surefire.toolchain.version</name>
          <!-- the value provided by GitHub CI (which maybe we could even change, but supporting "8" seems nice for any users who try pass that value manually) -->
          <value>8</value>
        </property>
      </activation>
      <properties>
        <test.add.opens></test.add.opens>
      </properties>
    </profile>

## API Request Parameters

### WebIdentityToken

The OAuth 2.0 id_token that is provided by the web identity provider. Application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

| Params               | Value                                          |

	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	userDN := r.Form.Get("userDN")

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,