.build(),
    )

    val request =
      HttpRequest
        .newBuilder(server.url("/").toUri())
        .header("Accept", "text/plain")
        .build()

    val response = httpClient.send(request, BodyHandlers.ofString())
    assertThat(response.statusCode()).isEqualTo(200)
    assertThat(response.body()).isEqualTo("hello, Java HTTP Client")

    val recorded = server.takeRequest()

                }

                if (t.isSMB2()) {
                    final Smb2CloseRequest req = new Smb2CloseRequest(this.cfg, this.fileId);
                    t.send(req, RequestParam.NO_RETRY);
                } else {
                    t.send(new SmbComClose(this.cfg, this.fid, lastWriteTime), new SmbComBlankResponse(this.cfg), RequestParam.NO_RETRY);
                }
            }
        } finally {

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

Then the Python code in your application would be equivalent to something like:

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

And the spec says that the fields have to be named like that. So `user-name` or `email` wouldn't work.

		return
	}

	if err = validateConfig(ctx, cfg, subSys); err != nil {
		var validationErr ldap.Validation
		if errors.As(err, &validationErr) {
			// If we got an LDAP validation error, we need to send appropriate
			// error message back to client (likely mc).
			writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigLDAPValidation),
				validationErr.FormatError(), r.URL)
			return
		}

                state = 0;
                throw ioe;
            }
        }
    }

    /**
     * Sends a DCERPC message and receives the response
     * @param msg the message to send
     * @throws DcerpcException if the RPC operation fails
     * @throws IOException if an I/O error occurs
     */
    public void sendrecv(final DcerpcMessage msg) throws DcerpcException, IOException {

    void getSendBufferSize_throws() throws Exception {
        // Arrange
        when(handle.getSendBufferSize()).thenThrow(new CIFSException("send size failed"));

        // Act + Assert
        CIFSException ex = assertThrows(CIFSException.class, () -> handle.getSendBufferSize());
        assertEquals("send size failed", ex.getMessage());
        verify(handle).getSendBufferSize();
    }

    @Test

```

## Example

MinIO exposes a custom S3 STS API endpoint as `Action=AssumeRoleWithCertificate`. A client has to send an HTTP `POST` request to `https://<host>:<port>?Action=AssumeRoleWithCertificate&Version=2011-06-15`. Since the authentication and authorization happens via X.509 certificates the client has to send the request over **TLS** and has to provide
a client certificate.

Then, the browser will send an HTTP `OPTIONS` request to the `:80`-backend, and if the backend sends the appropriate headers authorizing the communication from this different origin (`http://localhost:8080`) then the `:8080`-browser will let the JavaScript in the frontend send its request to the `:80`-backend.

To achieve this, the `:80`-backend must have a list of "allowed origins".

public enum RdmaCapability {
    /**
     * Remote direct read operations
     */
    RDMA_READ,

    /**
     * Remote direct write operations
     */
    RDMA_WRITE,

    /**
     * Traditional send/receive with RDMA
     */
    RDMA_SEND_RECEIVE,

    /**
     * Dynamic memory registration
     */
    MEMORY_REGISTRATION,

    /**
     * Fast memory region registration
     */