}
    }

    private Dummy msg;

    @BeforeEach
    void setUp() {
        msg = new Dummy();
    }

    // ---------------- Flag manipulation tests -----------------
    @Test
    @DisplayName("Default flag value is zero")
    void testDefaultFlags() {
        assertEquals(0, msg.getFlags(), "Initial flags should be 0");
    }

                        .addException(
                                new Exception("Build failed due to log statements with a higher severity than allowed. "
                                        + "Fix the logged issues or remove flag --fail-on-severity (-fos)."));
            }

            logResult(event.getSession());

            logStats(event.getSession());

            infoLine('-');
        }
    }

It can be used by third party applications and systems.

And it can also be used by yourself, to debug, check and test the same application.

## The `password` flow { #the-password-flow }

Now let's go back a bit and understand what is all that.

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

     * Rebuilds selected configuration indices with the latest mappings.
     * Executes asynchronously in a background thread.
     *
     * @param form the action form containing the target index checkboxes and loadBulkData flag
     * @return HTML response redirecting to the maintenance page
     */
    @Execute
    @Secured({ ROLE })
    public HtmlResponse reindexConfigIndices(final ActionForm form) {

     * Used for compilation, execution and Javadoc among others.
     * The Java tools location is {@link StandardLocation#MODULE_PATH}.
     *
     * <h4>Context-sensitive interpretation</h4>
     * A dependency with this flag will not necessarily be placed on the module path.
     * There are two circumstances where the dependency may nevertheless be placed somewhere else:
     *
     * <ul>

The most common is the implicit flow.

The most secure is the code flow, but it's more complex to implement as it requires more steps. As it is more complex, many providers end up suggesting the implicit flow.

/// note

It's common that each authentication provider names their flows in a different way, to make it part of their brand.

 * <ul>
 *   <li>Filters dependencies to include only those with transitive scopes (compile/runtime)</li>
 *   <li>Applies managed dependency metadata (version, scope, optional flag, exclusions) to direct dependencies</li>
 *   <li>Removes managed dependencies that are not used by direct dependencies</li>
 *   <li>Retains only managed dependencies that appear in the resolved dependency tree</li>
 * </ul>

        }
    }

    /**
     * Processes a streaming chat request using Server-Sent Events (SSE).
     * Uses the enhanced multi-phase RAG flow with intent detection and result evaluation.
     *
     * @param request the HTTP request
     * @param response the HTTP response
     * @throws IOException if an I/O error occurs
     */

			request.Header.Set(xhttp.IfUnmodifiedSince, tc.ifUnmodifiedSince)
			actualFlag := checkPreconditions(t.Context(), recorder, request, tc.objInfo, ObjectOptions{})
			if tc.expectedFlag != actualFlag {
				t.Errorf("test: %s, got flag: %v, want: %v", tc.name, actualFlag, tc.expectedFlag)
			}
			if tc.expectedCode != recorder.Code {
				t.Errorf("test: %s, got code: %d, want: %d", tc.name, recorder.Code, tc.expectedCode)
			}
		})
	}

# OAuth2 with Password (and hashing), Bearer with JWT tokens { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Now that we have all the security flow, let's make the application actually secure, using <abbr title="JSON Web Tokens">JWT</abbr> tokens and secure password hashing.

This code is something you can actually use in your application, save the password hashes in your database, etc.