public enum RdmaCapability {
    /**
     * Remote direct read operations
     */
    RDMA_READ,

    /**
     * Remote direct write operations
     */
    RDMA_WRITE,

    /**
     * Traditional send/receive with RDMA
     */
    RDMA_SEND_RECEIVE,

    /**
     * Dynamic memory registration
     */
    MEMORY_REGISTRATION,

    /**
     * Fast memory region registration
     */

            Doc(
                """
                By default, if no HTTP Authorization header is provided, required for
                OpenID Connect authentication, it will automatically cancel the request
                and send the client an error.

                If `auto_error` is set to `False`, when the HTTP Authorization header
                is not available, instead of erroring out, the dependency result will
                be `None`.

    /** Default socket timeout in milliseconds */
    int DEFAULT_SO_TIMEOUT = 35000;
    /** Default receive buffer size in bytes */
    int DEFAULT_RCV_BUF_SIZE = 60416;
    /** Default send buffer size in bytes */
    int DEFAULT_SND_BUF_SIZE = 16644;
    /** Default session limit */
    int DEFAULT_SSN_LIMIT = 250;
    /** Default connection timeout in milliseconds */
    int DEFAULT_CONN_TIMEOUT = 35000;

    void getSendBufferSize_throws() throws Exception {
        // Arrange
        when(handle.getSendBufferSize()).thenThrow(new CIFSException("send size failed"));

        // Act + Assert
        CIFSException ex = assertThrows(CIFSException.class, () -> handle.getSendBufferSize());
        assertEquals("send size failed", ex.getMessage());
        verify(handle).getSendBufferSize();
    }

    @Test

Then, the browser will send an HTTP `OPTIONS` request to the `:80`-backend, and if the backend sends the appropriate headers authorizing the communication from this different origin (`http://localhost:8080`) then the `:8080`-browser will let the JavaScript in the frontend send its request to the `:80`-backend.

To achieve this, the `:80`-backend must have a list of "allowed origins".

```

## Example

MinIO exposes a custom S3 STS API endpoint as `Action=AssumeRoleWithCertificate`. A client has to send an HTTP `POST` request to `https://<host>:<port>?Action=AssumeRoleWithCertificate&Version=2011-06-15`. Since the authentication and authorization happens via X.509 certificates the client has to send the request over **TLS** and has to provide
a client certificate.

        .build(),
    )

    val request =
      HttpRequest
        .newBuilder(server.url("/").toUri())
        .header("Accept", "text/plain")
        .build()

    val response = httpClient.send(request, BodyHandlers.ofString())
    assertThat(response.statusCode()).isEqualTo(200)
    assertThat(response.body()).isEqualTo("hello, Java HTTP Client")

    val recorded = server.takeRequest()

    def write_notification(email: str, message=""):
        with open("log.txt", mode="w") as email_file:
            content = f"notification for {email}: {message}"
            email_file.write(content)


    @app.post("/send-notification/{email}")
    async def send_notification(email: str, background_tasks: BackgroundTasks):
        background_tasks.add_task(write_notification, email, message="some notification")

But if we use the same model for another *path operation*, we could be sending our user's passwords to every client.

/// danger

Never store the plain password of a user or send it in a response like this, unless you know all the caveats and you know what you are doing.

///

## Add an output model { #add-an-output-model }

```
curl -X PUT --data-binary @example.rego \
  localhost:8181/v1/policies/putobject
```

### 4. Setup MinIO with OPA

Set the `MINIO_POLICY_PLUGIN_URL` as the endpoint that MinIO should send authorization requests to. Then start the server.

```sh
export MINIO_POLICY_PLUGIN_URL=http://localhost:8181/v1/data/httpapi/authz/allow
export MINIO_CI_CD=1
export MINIO_ROOT_USER=minio