/**
 * A container for data that is specific to a session.
 * All components may use this storage to associate arbitrary data with a session.
 * <p>
 * Unlike a cache, this session data is not subject to purging. For this same reason, session data should also not be
 * abused as a cache (i.e. for storing values that can be re-calculated) to avoid memory exhaustion.
 * <p>

   *     expectContents(E...)} and its friends.
   */
  protected abstract Collection<E> actualContents();

  /**
   * Replaces the existing container under test with a new container created by the subject
   * generator.
   *
   * @see #resetContainer(Object) resetContainer(C)
   * @return the new container instance.
   */
  @CanIgnoreReturnValue
  protected C resetContainer() {

func (c *OperatorDNS) addAuthHeader(r *http.Request) error {
	if c.username == "" || c.password == "" {
		return nil
	}

	claims := &jwt.StandardClaims{
		ExpiresAt: int64(15 * time.Minute),
		Issuer:    c.username,
		Subject:   config.EnvDNSWebhook,
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
	ss, err := token.SignedString([]byte(c.password))
	if err != nil {
		return err
	}

   *
   * <p>Despite the method name, this method attempts to avoid actually copying the data when it is
   * safe to do so. The exact circumstances under which a copy will or will not be performed are
   * undocumented and subject to change.
   *
   * <p>This method is not type-safe, as it may be called on elements that are not mutually
   * comparable.
   *
   * @throws ClassCastException if the elements are not mutually comparable

   * (unless the executor has been shutdown).
   *
   * <p>The returned executor is backed by the executor returned by {@link
   * MoreExecutors#newDirectExecutorService} and subject to the same constraints.
   *
   * <p>Although all tasks are immediately executed in the thread that submitted the task, this
   * {@code ExecutorService} imposes a small locking overhead on each task submission in order to

        assertEquals("mail.send.mock", FessEnv.MAIL_SEND_MOCK);
        assertEquals("mail.smtp.server.main.host.and.port", FessEnv.MAIL_SMTP_SERVER_MAIN_HOST_AND_PORT);
        assertEquals("mail.subject.test.prefix", FessEnv.MAIL_SUBJECT_TEST_PREFIX);
        assertEquals("mail.return.path", FessEnv.MAIL_RETURN_PATH);
    }

    // Test default values

### Certificate Pinning ([.kt][CertificatePinningKotlin], [.java][CertificatePinningJava])

用權杖有效期建立一個 `timedelta`。

建立真正的 JWT access token 並回傳它。

{* ../../docs_src/security/tutorial004_an_py310.py hl[121:136] *}

### 關於 JWT「主體」`sub` 的技術細節 { #technical-details-about-the-jwt-subject-sub }

JWT 規範說有個鍵 `sub`，代表權杖的主體（subject）。

使用它是可選的，但通常會把使用者的識別資訊放在這裡，所以我們在此採用。

JWT 除了用來識別使用者並允許他直接對你的 API 執行操作外，也可用於其他用途。

例如，你可以識別一台「車」或一篇「部落格文章」。

接著可以替該實體加上權限，如「drive」（對車而言）或「edit」（對文章而言）。

用令牌的过期时间创建一个 `timedelta`。

创建一个真正的 JWT 访问令牌并返回它。

{* ../../docs_src/security/tutorial004_an_py310.py hl[121:136] *}

### 关于 JWT “主题” `sub` 的技术细节 { #technical-details-about-the-jwt-subject-sub }

JWT 规范中有一个 `sub` 键，表示令牌的“主题”（subject）。

使用它是可选的，但通常会把用户的标识放在这里，所以本例中我们使用它。

JWT 除了用于识别用户并允许其直接在你的 API 上执行操作之外，还可能用于其他场景。

例如，你可以用它来标识一辆“车”或一篇“博客文章”。

然后你可以为该实体添加权限，比如“drive”（用于车）或“edit”（用于博客）。

    initCollectionWithNullElement();
    expectReturnsTrue(disjoint);
    expectContents();
  }

  // retainAll(null)

  /*
   * AbstractCollection fails the retainAll(null) test when the subject
   * collection is empty, but we'd still like to test retainAll(null) when we
   * can. We split the test into empty and non-empty cases. This allows us to
   * suppress only the former.
   */