It might also help avoid confusion for new developers that see an unused parameter in your code and could think it's unnecessary.

///

/// info

In this example we use invented custom headers `X-Key` and `X-Token`.

But in real cases, when implementing security, you would get more benefits from using the integrated [Security utilities (the next chapter)](../security/index.md){.internal-link target=_blank}.

///

      @ParametricNullness K fromKey, @ParametricNullness K toKey) {
    return subMap(fromKey, true, toKey, false);
  }

  @Override
  public NavigableMap<K, V> subMap(
      @ParametricNullness K fromKey,
      boolean fromInclusive,
      @ParametricNullness K toKey,
      boolean toInclusive) {
    return delegate().subMap(fromKey, fromInclusive, toKey, toInclusive);
  }

  @Override

      @ParametricNullness K fromKey, @ParametricNullness K toKey) {
    return subMap(fromKey, true, toKey, false);
  }

  @Override
  public NavigableMap<K, V> subMap(
      @ParametricNullness K fromKey,
      boolean fromInclusive,
      @ParametricNullness K toKey,
      boolean toInclusive) {
    return delegate().subMap(fromKey, fromInclusive, toKey, toInclusive);
  }

  @Override

### Use cases: external service { #use-cases-external-service }

An example could be that you have an external authentication provider that you need to call.

You send it a token and it returns an authenticated user.

This provider might be charging you per request, and calling it might take some extra time than if you had a fixed mock user for tests.

	}

	if subtle.ConstantTimeCompare([]byte(resp.Header.Get(xhttp.AmzRequestToken)), []byte(eventData.GetObjectContext.OutputToken)) != 1 {
		tokenErr := errorCodes.ToAPIErr(ErrInvalidToken)
		tokenErr.Description = "The request token included in the request is invalid"
		writeErrorResponse(ctx, w, tokenErr, r.URL)
		return
	}

	statusCode := resp.StatusCode
	if status := resp.Header.Get(xhttp.AmzFwdStatus); status != "" {

create a presigned URL and serve to the client for each file. Since, the client would have the session it can do it by itself.

The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations. The policy applied to these temporary credentials is inherited from the MinIO user credentials. By default, the temporary security credentials created...

                                    <tr>
                                        <th><la:message
                                                key="labels.access_token_token"/></th>
                                        <td>${f:h(token)}</td>
                                    </tr>
                                    <tr>
                                        <th><la:message key="labels.permissions"/></th>

        assertTrue(ex.getMessage().contains("ExtendedGSSContext is not implemented"));
    }

    @Test
    @DisplayName("initSecContext returns token and verifies interaction")
    void initSecContext_success() throws Exception {
        byte[] in = new byte[] { 10, 11 };
        byte[] out = new byte[] { 12, 13, 14 };

            String value = (String) provide.getValue();

            if (value == null) {
                throw new MisconfiguredToolchainException(
                        "Provides token '" + key + "' doesn't have any value configured.");
            }

            RequirementMatcher matcher;
            if ("version".equals(key)) {

    // Patterns for sensitive data - compiled once and cached
    private static final Pattern PASSWORD_PATTERN = Pattern.compile(
            "(?i)(password|passwd|pwd|secret|token|key|credential|auth)([\"']?\\s*[:=]\\s*[\"']?)([^\"',\\s]+)", Pattern.CASE_INSENSITIVE);

    private static final Pattern IP_PATTERN = Pattern.compile("\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b");