<error-page>
    <error-code>400</error-code>
    <location>/WEB-INF/view/error/redirect.jsp?type=badRequest</location>
  </error-page>
  <error-page>
    <error-code>401</error-code>
    <location>/WEB-INF/view/error/redirect.jsp?type=badAuth</location>
  </error-page>
  <error-page>
    <error-code>403</error-code>
    <location>/WEB-INF/view/error/redirect.jsp?type=logOut</location>

 * authenticate. If so it is likely that further attempts will not be useful and the authenticator
 * should give up.
 *
 * When reactive authentication is requested by an origin web server, the response code is 401
 * and the implementation should respond with a new request that sets the "Authorization" header.
 *
 * ```java
 * if (response.request().header("Authorization") != null) {

{* ../../docs_src/security/tutorial003.py hl[58:66,69:72,90] *}

/// info | 정보

여기서 반환하는 값이 `Bearer`인 추가 헤더 `WWW-Authenticate`도 사양의 일부입니다.

모든 HTTP(오류) 상태 코드 401 "UNAUTHORIZED"는 `WWW-Authenticate` 헤더도 반환해야 합니다.

베어러 토큰의 경우(지금의 경우) 해당 헤더의 값은 `Bearer`여야 합니다.

실제로 추가 헤더를 건너뛸 수 있으며 여전히 작동합니다.

그러나 여기에서는 사양을 준수하도록 제공됩니다.

/// info | Informação

O cabeçalho adicional `WWW-Authenticate` com valor `Bearer` que estamos retornando aqui também faz parte da especificação.

Qualquer código de status HTTP (erro) 401 "UNAUTHORIZED" também deve retornar um cabeçalho `WWW-Authenticate`.

No caso de tokens ao portador (nosso caso), o valor desse cabeçalho deve ser `Bearer`.

Na verdade, você pode pular esse cabeçalho extra e ainda funcionaria.

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

If it doesn't see an `Authorization` header, or the value doesn't have a `Bearer ` token, it will respond with a 401 status code error (`UNAUTHORIZED`) directly.

You don't even have to check if the token exists to return an error. You can be sure that if your function is executed, it will have a `str` in that token.

            }

            executor.accept(httpRequest, (response, entity) -> {
                final int httpStatusCode = response.getStatusLine().getStatusCode();
                if (httpStatusCode < 400 || httpStatusCode == 401) {
                    parseTokenPage(tokenPattern, responseParams, entity);
                } else {
                    String content;
                    try {

Wenn es keinen `Authorization`-Header sieht, oder der Wert keinen `Bearer`-Token hat, antwortet es direkt mit einem 401-Statuscode-Error (`UNAUTHORIZED`).

Sie müssen nicht einmal prüfen, ob der Token existiert, um einen Fehler zurückzugeben. Seien Sie sicher, dass Ihre Funktion, wenn sie ausgeführt wird, ein `str` in diesem Token enthält.

Если он не видит заголовка `Authorization` или значение не имеет токена `Bearer`, то в ответ будет выдана ошибка с кодом состояния 401 (`UNAUTHORIZED`).

Для возврата ошибки даже не нужно проверять, существует ли токен. Вы можете быть уверены, что если ваша функция была выполнена, то в этом токене есть `строка`.

                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake
        int responseCode = ntlmConnection.getResponseCode();

        // Assert - Verify we got the 401 response (simplified test)
        assertEquals(HTTP_UNAUTHORIZED, responseCode);

        // In a real scenario, the connection would reconnect and send Type1/Type3 messages