In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

import jcifs.internal.util.SMBUtil;
import jcifs.smb.NtlmPasswordAuthenticator;
import jcifs.smb.SmbException;

/**
 * SMB1 Session Setup AndX request message.
 *
 * This command is used to authenticate a user session and
 * establish security context for subsequent operations.
 */
public class SmbComSessionSetupAndX extends AndXServerMessageBlock {

    private byte[] lmHash, ntHash, blob = null;

 * They don't specify whether a specific proxy server should be used or how to authenticate with that proxy server.

They're also concrete: each URL identifies a specific path (like `/square/okhttp`) and query (like `?q=sharks&lang=en`). Each webserver hosts many URLs.

  /** The HTTP {@code P3P} header field name. Limited browser support. */
  public static final String P3P = "P3P";

  /** The HTTP {@code Proxy-Authenticate} header field name. */
  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";

  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
  public static final String REFRESH = "Refresh";

  /**

  fi
  echo "Upgraded pyenv version: $(pyenv --version)"
fi

# Scheduled nightly and release builds upload build artifacts (Pip packages,
# Libtensorflow archives) to GCS buckets. TFCI Mac VMs need to authenticate as
# a service account that has the right permissions to be able to do so.
set +x
if [[ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]]; then
  # Python 3.12 removed the module `imp` which is needed by gcloud CLI so we set

authentication, you don't need to use `mc` to generate prometheus config. You can skip reading further and move to 3.2 section.

The Prometheus endpoint in MinIO requires authentication by default. Prometheus supports a bearer token approach to authenticate prometheus scrape requests, override the default Prometheus config with the one generated using mc. To generate a Prometheus config for an alias, use [mc](https://docs.min.io/community/minio-object-store/reference/minio-mc.html#quickstart) as follows...

                }
            }
            String authHeader;
            if (response == HTTP_UNAUTHORIZED) {
                authHeader = "WWW-Authenticate";
                this.authProperty = "Authorization";
            } else {
                authHeader = "Proxy-Authenticate";
                this.authProperty = "Proxy-Authorization";
            }
            String authorization = null;

                .orElseThrow(() -> new FessSystemException("Cannot create an access token."));
    }

    /**
     * Generates and saves a new access token for the current session.
     * The token is used to authenticate API requests.
     */
    public void saveToken() {
        getSessionManager().setAttribute(Constants.SEARCH_ENGINE_API_ACCESS_TOKEN, UUID.randomUUID().toString().replace("-", ""));
    }

     * 13.5.1.
     */
    private fun isEndToEnd(fieldName: String): Boolean =
      !"Connection".equals(fieldName, ignoreCase = true) &&
        !"Keep-Alive".equals(fieldName, ignoreCase = true) &&
        !"Proxy-Authenticate".equals(fieldName, ignoreCase = true) &&
        !"Proxy-Authorization".equals(fieldName, ignoreCase = true) &&
        !"TE".equals(fieldName, ignoreCase = true) &&
        !"Trailers".equals(fieldName, ignoreCase = true) &&

### Enable Keycloak Admin REST API support

Before being able to authenticate against the Admin REST API using a client_id and a client_secret you need to make sure the client is configured as it follows:

- `account` client_id is a confidential client that belongs to the realm `{realm}`