@J2ObjCIncompatible // java.nio.file
@ElementTypesAreNonnullByDefault
public enum RecursiveDeleteOption {
  /**
   * Specifies that the recursive delete should not throw an exception when it can't be guaranteed
   * that it can be done securely, without vulnerability to race conditions (i.e. when the file
   * system does not support {@link SecureDirectoryStream}).
   *
   * <p><b>Warning:</b> On a file system that supports symbolic links, it is possible for an

@J2ObjCIncompatible // java.nio.file
@ElementTypesAreNonnullByDefault
public enum RecursiveDeleteOption {
  /**
   * Specifies that the recursive delete should not throw an exception when it can't be guaranteed
   * that it can be done securely, without vulnerability to race conditions (i.e. when the file
   * system does not support {@link SecureDirectoryStream}).
   *
   * <p><b>Warning:</b> On a file system that supports symbolic links, it is possible for an

```Python hl_lines="8  49  56-57  60-61  70-76"
{!> ../../docs_src/security/tutorial004_an_py310.py!}
```

////

//// tab | Python 3.9+

```Python hl_lines="8  49  56-57  60-61  70-76"
{!> ../../docs_src/security/tutorial004_an_py39.py!}
```

////

//// tab | Python 3.8+

```Python hl_lines="8  50  57-58  61-62  71-77"
{!> ../../docs_src/security/tutorial004_an.py!}
```

////

## About security, APIs, and docs

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

## Simple HTTP Basic Auth

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:125,129:135,140,156] *}

Now let's review those changes step by step.

## OAuth2 Security scheme

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

when the application topology changes, as well as translate
[routing rules](https://istio.io/latest/docs/reference/config/networking/) into proxy specific configuration.

    - [security](security/). This directory contains [security](https://istio.io/latest/docs/concepts/security/) related code,
including Citadel (acting as Certificate Authority), citadel agent, etc.

- [istio/proxy](https://github.com/istio/proxy). The Istio proxy contains

from fastapi.openapi.models import OAuth2 as OAuth2Model
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
from fastapi.param_functions import Form
from fastapi.security.base import SecurityBase
from fastapi.security.utils import get_authorization_scheme_param
from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN

//// tab | Python 3.10+

```Python hl_lines="4  78"
{!> ../../docs_src/security/tutorial003_an_py310.py!}
```

////

//// tab | Python 3.9+

```Python hl_lines="4  78"
{!> ../../docs_src/security/tutorial003_an_py39.py!}
```

////

//// tab | Python 3.8+

```Python hl_lines="4  79"
{!> ../../docs_src/security/tutorial003_an.py!}
```

////

//// tab | Python 3.10+ non-Annotated

      - tutorial/dependencies/global-dependencies.md
      - tutorial/dependencies/dependencies-with-yield.md
    - Security:
      - tutorial/security/index.md
      - tutorial/security/first-steps.md
      - tutorial/security/get-current-user.md
      - tutorial/security/simple-oauth2.md
      - tutorial/security/oauth2-jwt.md
    - tutorial/middleware.md
    - tutorial/cors.md
    - tutorial/sql-databases.md