/** Confirm that an unacknowledged write times out.  */
  @Test
  fun writeTimeouts() {
    val server = MockWebServer()
    // Sockets on some platforms can have large buffers that mean writes do not block when
    // required. These socket factories explicitly set the buffer sizes on sockets created.
    val socketBufferSize = 4 * 1024
    server.serverSocketFactory =
      object : DelegatingServerSocketFactory(getDefault()) {

        .build(),
    )
    val webSocket: WebSocket = newWebSocket()
    clientListener.assertOpen()
    val server = serverListener.assertOpen()
    webSocket.send("Web Sockets and Events?!")
    serverListener.assertTextMessage("Web Sockets and Events?!")
    webSocket.close(1000, "")
    serverListener.assertClosing(1000, "")
    server.close(1000, "")
    clientListener.assertClosing(1000, "")

    HTTP client adapter. (thanks kwuollett)
 *  Work around the Alcatel `getByInetAddress` bug (thanks k.kocel)
 *  Be more aggressive about testing pooled sockets before reuse. (thanks
    warpspin)
 *  Include `Content-Type` and `Content-Encoding` in the Apache HTTP client
    adapter. (thanks kwuollett)
 *  Add a media type class to OkHttp.
 *  Change custom header prefix:

次のようなユーザーインターフェイスが表示されます：

<img src="/img/tutorial/security/image07.png">

前回と同じ方法でアプリケーションの認可を行います。

次の認証情報を使用します：

Username: `johndoe`
Password: `secret`

/// check | 確認

コードのどこにも平文のパスワード"`secret`"はなく、ハッシュ化されたものしかないことを確認してください。

///

<img src="/img/tutorial/security/image08.png">

エンドポイント`/users/me/`を呼び出すと、次のようなレスポンスが得られます：

```JSON
{

| [**AssumeRole**](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)   | Let MinIO users request temporary credentials using user access and secret keys.                                                              |

### Understanding JWT Claims

> NOTE: JWT claims are only meant for WebIdentity and ClientGrants.

No, MinIO does not depend on any third-party KMS provider. You have three options here:

- Run MinIO without a KMS. In this case all IAM data will be stored in plain-text.
- Run MinIO with a single secret key. MinIO supports a static cryptographic key
  that can act as minimal KMS. With this method all IAM data will be stored
  encrypted. The encryption key has to be passed as environment variable.

Por exemplo:

{* ../../docs_src/additional_responses/tutorial004.py hl[13:17,26] *}

## Mais informações sobre retornos OpenAPI

Para verificar exatamente o que você pode incluir nos retornos, você pode conferir estas seções na especificação do OpenAPI:

* <a href="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.1.0.md#responsesObject" class="external-link" target="_blank">Objeto de Retorno OpenAPI</a>, inclui o `Response Object`.

if [ $? -ne 0 ]; then
	echo "policy mapping missing, exiting.."
	exit_1
fi

# LDAP simple user
./mc admin user svcacct add minio2 dillon --access-key testsvc --secret-key testsvc123
if [ $? -ne 0 ]; then
	echo "adding svc account failed, exiting.."
	exit_1
fi

sleep 10

./mc idp ldap policy entities minio1
./mc idp ldap policy entities minio2

          func.hashString(input, UTF_8).toString());
    }
  }

  public void testNullPointers() {
    NullPointerTester tester =
        new NullPointerTester()
            .setDefault(byte[].class, "secret key".getBytes(UTF_8))
            .setDefault(HashCode.class, HashCode.fromLong(0));
    tester.testAllPublicStaticMethods(Hashing.class);
  }

  public void testSeedlessHashFunctionEquals() throws Exception {

### Configure Keycloak Realm

- Go to Clients
  - Click on account
    - Settings
    - Change `Access Type` to `confidential`.
    - Save
  - Click on credentials tab
    - Copy the `Secret` to clipboard.
    - This value is needed for `MINIO_IDENTITY_OPENID_CLIENT_SECRET` for MinIO.

- Go to Users
  - Click on the user