}

    /**
     * Method read.
     *
     * @param reader a reader object.
     * @param strict a strict object.
     * @return Metadata
     * @throws IOException            IOException if any.
     * @throws XmlPullParserException XmlPullParserException if
     *                                any.
     */
    public Metadata read(Reader reader, boolean strict) throws IOException, XmlPullParserException {
        try {

    }

    /**
     * @param reader a reader object.
     * @param strict a strict object.
     * @return PersistedToolchains
     * @throws IOException IOException if any.
     * @throws XmlPullParserException XmlPullParserException if
     *         any.
     * @see XmlStreamReader
     */
    public PersistedToolchains read(Reader reader, boolean strict) throws IOException, XmlPullParserException {

            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/")

	return messWith("crc32-not-streamed.zip", func(b []byte) {
		// Corrupt foo.txt's final crc32 byte, in both
		// the file header and TOC. (0x7e -> 0x7f)
		b[0x11]++
		b[0x9d]++

		// TODO(bradfitz): add a new test that only corrupts
		// one of these values, and verify that that's also an
		// error. Currently, the reader code doesn't verify the
		// fileheader and TOC's crc32 match if they're both

    }

    /**
     * Wraps exception handling for {@link Properties#load(Reader)}.
     * <p>
     * The input reader is not closed.
     * </p>
     *
     * @param props the property set (must not be {@literal null})
     * @param reader the input reader (must not be {@literal null})
     */
    public static void load(final Properties props, final Reader reader) {
        assertArgumentNotNull("props", props);

	if z.ObjectV2 == nil {
		zb0001Len--
		zb0001Mask |= 0x1
	}
	// variable map header, size zb0001Len
	o = append(o, 0x80|uint8(zb0001Len))
	if (zb0001Mask & 0x1) == 0 { // if not omitted
		// string "V2Obj"
		o = append(o, 0xa5, 0x56, 0x32, 0x4f, 0x62, 0x6a)
		if z.ObjectV2 == nil {
			o = msgp.AppendNil(o)
		} else {
			// map header, size 1
			// string "DDir"
			o = append(o, 0x81, 0xa4, 0x44, 0x44, 0x69, 0x72)

FastAPI wird im <abbr title="Request – Anfrage: Daten, die der Client zum Server sendet">Request</abbr> nach diesem `Authorization`-Header suchen, prüfen, ob der Wert `Bearer ` plus ein Token ist, und den Token als `str` zurückgeben.

Wenn es keinen `Authorization`-Header sieht, oder der Wert keinen `Bearer `-Token hat, antwortet es direkt mit einem 401-Statuscode-Error (`UNAUTHORIZED`).

    user = fake_decode_token(token)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")

    }
  }

  /**
   * HTTP/2 only. Send a push promise header block.
   *
   * A push promise contains all the headers that pertain to a server-initiated request, and a
   * `promisedStreamId` to which response frames will be delivered. Push promise frames are sent as
   * a part of the response to `streamId`. The `promisedStreamId` has a priority of one greater than
   * `streamId`.
   *

因此，在端点中，只有当用户存在、通过身份验证、且状态为激活时，才能获得该用户：

{* ../../docs_src/security/tutorial003_an_py310.py hl[58:66,69:74,94] *}

/// info | 信息

此处返回值为 `Bearer` 的响应头 `WWW-Authenticate` 也是规范的一部分。

任何 401“UNAUTHORIZED”HTTP（错误）状态码都应返回 `WWW-Authenticate` 响应头。

本例中，因为使用的是 Bearer Token，该响应头的值应为 `Bearer`。

实际上，忽略这个附加响应头，也不会有什么问题。

之所以在此提供这个附加响应头，是为了符合规范的要求。

说不定什么时候，就有工具用得上它，而且，开发者或用户也可能用得上。

这就是遵循标准的好处...

///