/**
     * Create username/password credentials with specified domain
     *
     * @param domain the domain for authentication
     * @param username the username for authentication
     * @param password the password for authentication
     */
    public NtlmPasswordAuthenticator(String domain, String username, String password) {
        this(domain, username, password, (AuthenticationType) null);
    }

    /**

* **TCP doesn't know about "domains"**. Only about IP addresses.
    * The information about the **specific domain** requested goes in the **HTTP data**.
* The **HTTPS certificates** "certify" a **certain domain**, but the protocol and encryption happen at the TCP level, **before knowing** which domain is being dealt with.
* **By default**, that would mean that you can only have **one HTTPS certificate per IP address**.

    int NT_STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018b;
    /** The trust relationship between the primary domain and the trusted domain failed */
    int NT_STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018c;
    /** The trust relationship between this workstation and the primary domain failed */
    int NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE = 0xC000018d;
    /** The account used is a computer account */

        NtlmPasswordAuthenticator startAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtStart));
        NtlmPasswordAuthenticator middleAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtMiddle));
        NtlmPasswordAuthenticator endAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtEnd));

        try {

    /** No more connections can be made to this remote computer */
    int NT_STATUS_REQUEST_NOT_ACCEPTED = 0xC00000d0;
    /** Indicates a domain controller could not be contacted or objects are protected */
    int NT_STATUS_CANT_ACCESS_DOMAIN_INFO = 0xC00000da;
    /** The specified domain does not exist */
    int NT_STATUS_NO_SUCH_DOMAIN = 0xC00000df;
    /** The directory name is invalid */

# Security - First Steps { #security-first-steps }

Let's imagine that you have your **backend** API in some domain.

And you have a **frontend** in another domain or in a different path of the same domain (or in a mobile application).

And you want to have a way for the frontend to authenticate with the backend, using a **username** and **password**.

We can use **OAuth2** to build that with **FastAPI**.

## Origin { #origin }

An origin is the combination of protocol (`http`, `https`), domain (`myapp.com`, `localhost`, `localhost.tiangolo.com`), and port (`80`, `443`, `8080`).

So, all these are different origins:

* `http://localhost`
* `https://localhost`
* `http://localhost:8080`

                if (index == -1) {
                    index = user.indexOf('/');
                }
                final String domain = index != -1 ? user.substring(0, index) : defaultDomain;
                user = index != -1 ? user.substring(index + 1) : user;
                ntlm = new NtlmPasswordAuthentication(domain, user, password);
            }

            req.getSession().setAttribute("npa-" + server, ntlm);

     */
    boolean isDfsDisabled();

    /**
     * Enable hack to make kerberos auth work with DFS sending short names
     *
     * This works by appending the domain name to the netbios short name and will fail horribly if this mapping is not
     * correct for your domain.
     *
     * Property {@code jcifs.smb.client.dfs.convertToFQDN} (boolean, default false)
     *
     * @return whether to convert NetBIOS names returned by DFS to FQDNs

{* ../../docs_src/advanced_middleware/tutorial002.py hl[2,6:8] *}

The following arguments are supported:

* `allowed_hosts` - A list of domain names that should be allowed as hostnames. Wildcard domains such as `*.example.com` are supported for matching subdomains. To allow any hostname either use `allowed_hosts=["*"]` or omit the middleware.