```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"
 input.owner == false
}
EOF
```

     * @param responseType The type of SSO response required.
     * @return The action response.
     */
    ActionResponse getResponse(SsoResponseType responseType);

    /**
     * Performs logout for the specified user.
     * @param user The user to logout.
     * @return The logout URL or null if not applicable.
     */
    String logout(FessUserBean user);

Using the above `id_token` we can perform an STS request to MinIO to get temporary credentials for MinIO API operations. MinIO STS API uses [JSON Web Key Set Endpoint](https://docs.wso2.com/display/IS541/JSON+Web+Key+Set+Endpoint) to validate if JWT is valid and is properly signed.

 *
 */
@ThreadSafe
public interface Mojo {
    /** The component <code>role</code> hint for Plexus container */
    String ROLE = Mojo.class.getName();

    /**
     * Perform whatever build-process behavior this <code>Mojo</code> implements.<br>
     * This is the main trigger for the <code>Mojo</code> inside the <code>Maven</code> system, and allows
     * the <code>Mojo</code> to communicate errors.

{* ../../docs_src/extra_data_types/tutorial001_an_py310.py hl[1,3,12:16] *}

Note that the parameters inside the function have their natural data type, and you can, for example, perform normal date manipulations, like:

        if (beanDesc == null) {
            beanDesc = putIfAbsent(beanDescCache, clazz, new BeanDescImpl(clazz));
        }
        return beanDesc;
    }

    /**
     * Performs initialization.
     */
    public static void initialize() {
        synchronized (BeanDescFactory.class) {
            if (!initialized) {
                DisposableUtil.add(BeanDescFactory::clear);

   * of the second stream, and so on.
   *
   * <p>This is equivalent to {@code Stream.of(streams).flatMap(stream -> stream)}, but the returned
   * stream may perform better.
   *
   * @see Stream#concat(Stream, Stream)
   */
  @SuppressWarnings("unchecked") // could probably be avoided with a forwarding Spliterator
  @SafeVarargs

You can see more details in <a href="https://www.starlette.dev/background/" class="external-link" target="_blank">Starlette's official docs for Background Tasks</a>.

## Caveat { #caveat }

 *
 * This is the most common form of TLS authentication: clients verify that servers are trusted and
 * that they own the hostnames that they represent. Server authentication is required.
 *
 * To perform server authentication:
 *
 *  * The server's handshake certificates must have a [held certificate][HeldCertificate] (a
 *    certificate and its private key). The certificate's subject alternative names must match the

        // with SMB3's negotiation validation it's no longer possible to ignore this (on the validation response)
        // make sure that validation is performed in any case
        final Smb2SigningDigest dgst = getDigest();
        if (dgst != null && !isAsync() && (getConfig().isRequireSecureNegotiate() || getErrorCode() == NtStatus.NT_STATUS_SUCCESS)) {