{* ../../docs_src/behind_a_proxy/tutorial004_py310.py hl[9] *}

and then it won't include it in the OpenAPI schema.

## Mounting a sub-application { #mounting-a-sub-application }

If you need to mount a sub-application (as described in [Sub Applications - Mounts](sub-applications.md)) while also using a proxy with `root_path`, you can do it normally, as you would expect.

import java.beans.Introspector;
import java.util.Deque;

/**
 * Utility class for disposing of resources at the end of an application.
 * <p>
 * If there are resources that must be disposed of at the end of the application,
 * create a class that implements {@link Disposable} and register it with this class.
 * </p>
 *
 * @author koichik
 */
public abstract class DisposableUtil {

      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Page not found
      content:
        application/json:
          schema:

            "content": {
                "application/json": {
                    "schema": {
                        "$ref": "#/components/schemas/Message"
                    }
                }
            }
        },
        "200": {
            "description": "Successful Response",
            "content": {
                "application/json": {
                    "schema": {

from typing import Any


def get_body_model_name(openapi: dict[str, Any], path: str) -> str:
    body = openapi["paths"][path]["post"]["requestBody"]
    body_schema = body["content"]["application/x-www-form-urlencoded"]["schema"]

But then the attackers try with username `stanleyjobsox` and password `love123`.

And your application code does something like:

```Python
if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

import okio.BufferedSource
import okio.ByteString
import okio.use

/**
 * A one-shot stream from the origin server to the client application with the raw bytes of the
 * response body. Each response body is supported by an active connection to the webserver. This
 * imposes both obligations and limits on the client application.
 *
 * ### The response body must be closed.
 *

    assert app.openapi()["components"]["schemas"][body_model_name] == {
        "properties": {
            "p": {
                "anyOf": [
                    {"type": "string", "contentMediaType": "application/octet-stream"},
                    {"type": "null"},
                ],
                "title": "P",
            }
        },
        "title": body_model_name,
        "type": "object",
    }

    /** The version of the Fess application. */
    protected String version;

    /** The major version number. */
    protected int majorVersion;

    /** The minor version number. */
    protected int minorVersion;

    /** The product version string. */
    protected String productVersion;

    /** The end-of-life timestamp for the application. */
    protected long eolTime;

    <shampoo>
    <Header>
        Apply shampoo here.
    </Header>
    <Body>
        You'll have to use soap here.
    </Body>
    </shampoo>
    """