O único detalhe que falta é que ainda não é realmente "seguro".

///

## `HTTPSRedirectMiddleware`

Garante que todas as requisições devem ser `https` ou `wss`.

Qualquer requisição para `http` ou `ws` será redirecionada para o esquema seguro.

{* ../../docs_src/advanced_middleware/tutorial001.py hl[2,6] *}

## `TrustedHostMiddleware`

* `id`
* `name`
* `age`
* `secret_name`

{* ../../docs_src/sql_databases/tutorial002_an_py310.py ln[7:14] hl[12:14] *}

#### `HeroPublic` - o *modelo de dados* público

Em seguida, criamos um modelo `HeroPublic`, que será **retornado** para os clientes da API.

Ele tem os mesmos campos que `HeroBase`, então não incluirá `secret_name`.

Finalmente, a identidade dos nossos heróis está protegida! 🥷

    public void normalize(Model model, ModelBuildingRequest request) {
        if (model == null) {
            return;
        }

        model.setUrl(normalize(model.getUrl()));

        Scm scm = model.getScm();
        if (scm != null) {
            scm.setUrl(normalize(scm.getUrl()));
            scm.setConnection(normalize(scm.getConnection()));
            scm.setDeveloperConnection(normalize(scm.getDeveloperConnection()));

# OAuth2 with Password (and hashing), Bearer with JWT tokens

Now that we have all the security flow, let's make the application actually secure, using <abbr title="JSON Web Tokens">JWT</abbr> tokens and secure password hashing.

This code is something you can actually use in your application, save the password hashes in your database, etc.

We are going to start from where we left in the previous chapter and increment it.

## About JWT

    //        setVersion( af.getVersion() );
    //        setType( af.getType() );
    //        setScope( af.getScope() );
    //        setClassifier( af.getClassifier() );
    //        //setUri( af.getDownloadUrl() );
    //
    //        this.resolved = af.isResolved();
    //    }

    @Override
    public String toString() {
        return groupId + ":" + artifactId + ":" + version;
    }

            responseData.setResponseBody(data.getBytes());
            responseData.setSessionId("test-1");
            responseData.setStatus(0);
            responseData.setUrl("http://fess.codelibs.org/test.html");
            /*ResultData resultData =*/fessXpathTransformer.transform(responseData);
            // System.out.println(resultData.toString());
        }

gold:
  - url: https://cryptapi.io/
    title: "CryptAPI: Your easy to use, secure and privacy oriented payment gateway."
    img: https://fastapi.tiangolo.com/img/sponsors/cryptapi.svg
  - url: https://platform.sh/try-it-now/?utm_source=fastapi-signup&utm_medium=banner&utm_campaign=FastAPI-signup-June-2023
    title: "Build, run and scale your apps on a modern, reliable, and secure PaaS."
    img: https://fastapi.tiangolo.com/img/sponsors/platform-sh.png

        accessResult1.setParentUrl("http://www.parent.com/");
        accessResult1.setRuleId("htmlRule");
        accessResult1.setSessionId("id1");
        accessResult1.setStatus(200);
        accessResult1.setUrl("http://www.id1.com/");

        dataService.store(accessResult1);

        final OpenSearchAccessResult accessResult2 = dataService.getAccessResult("id1", "http://www.id1.com/");
        assertNotNull(accessResult2);

    private final Prompter prompter;

    @Inject
    public ConsolePasswordPrompt(Prompter prompter) {
        this.prompter = prompter;
    }

    @Override
    public String description() {
        return "Secure console password prompt";
    }

    @Override
    public Optional<String> configTemplate() {
        return Optional.empty();
    }

    @Override