* Gets the array of supported authentication mechanisms
     * @return the mechanisms array
     */
    public ASN1ObjectIdentifier[] getMechanisms() {
        return this.mechanisms;
    }

    /**
     * Sets the array of supported authentication mechanisms
     * @param mechanisms the mechanisms to set
     */
    public void setMechanisms(final ASN1ObjectIdentifier[] mechanisms) {
        this.mechanisms = mechanisms;

        @DisplayName("Various mechanism combinations round-trip correctly")
        void testMechanismCombinations(ASN1ObjectIdentifier[] mechanisms) throws Exception {
            NegTokenInit init = new NegTokenInit(mechanisms, 0, null, null);
            byte[] encoded = init.toByteArray();
            NegTokenInit parsed = new NegTokenInit(encoded);

            if (mechanisms == null) {

///

## Other models { #other-models }

You can now get the current user directly in the *path operation functions* and deal with the security mechanisms at the **Dependency Injection** level, using `Depends`.

And you can use any model or data for the security requirements (in this case, a Pydantic model `User`).

    /**
     * Checks whether the specified security mechanism is supported.
     * @param mechanism the security mechanism OID to check
     * @return whether the specified mechanism is supported
     */
    boolean isSupported(ASN1ObjectIdentifier mechanism);

    /**
     * Checks whether the specified mechanism is the preferred mechanism.
     * @param selectedMech the selected mechanism OID

mechanisms that prevent unwanted access to the data from other tenants.

Network isolation between different models is also important not only to prevent
unauthorized access to data or models, but also to prevent malicious users or
tenants sending graphs to execute under another tenant’s identity.

The isolation mechanisms are the responsibility of the users to design and

 */

package jcifs.dcerpc;

import jcifs.dcerpc.ndr.NdrBuffer;

/**
 * Interface for providing security services for DCE/RPC communications.
 * This interface abstracts authentication and encryption mechanisms.
 */
public interface DcerpcSecurityProvider {

    /**
     * Wraps outgoing DCERPC message data for security protection
     * @param outgoing the buffer containing data to be wrapped

## FAQ

> Why is this change needed?

Before, there were two separate mechanisms - S3 objects got encrypted using a KMS,
if present, and the IAM / configuration data got encrypted with the root credentials.
Now, MinIO encrypts IAM / configuration and S3 objects with a KMS, if present. This

 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO
 * lifecycle operations like logout and metadata exchange.
 */
public interface SsoAuthenticator {

  -v D:\data:/data \
  quay.io/minio/minio server /data --console-address ":9001"
```

### Run MinIO Docker as a regular user

Docker provides standardized mechanisms to run docker containers as non-root users.

#### GNU/Linux and macOS (regular user)

On Linux and macOS you can use `--user` to run the container as regular user.

    CIFSContext tc;

    @Mock
    Configuration config;

    private static byte[] spnegoInitWithMechs(ASN1ObjectIdentifier... mechs) {
        // Build a minimal SPNEGO NegTokenInit containing the provided mechanisms
        NegTokenInit tok = new NegTokenInit(mechs, 0, null, null);
        return tok.toByteArray();
    }

    @Test
    @DisplayName("createContext: rejects NetBIOS/short host names")