* config.setAuthSchemeType(AuthSchemeType.FORM);
 * config.setFormParameters(Map.of(
 *     "login_url", "http://example.com/login",
 *     "login_method", "POST",
 *     "login_parameters", "user=${username}&pass=${password}"
 * ));
 * config.setCredentials(credentialsConfig);
 * }</pre>
 */
public class WebAuthenticationConfig {

    /**
     * Type of authentication scheme.
     */

            result.setUpdatedBy(DfTypeUtil.toString(source.get("updatedBy")));
            result.setUpdatedTime(DfTypeUtil.toLong(source.get("updatedTime")));
            result.setUsername(DfTypeUtil.toString(source.get("username")));
            result.setWebConfigId(DfTypeUtil.toString(source.get("webConfigId")));
            return updateEntity(source, result);
        } catch (InstantiationException | IllegalAccessException e) {

前回と同じ方法でアプリケーションの認可を行います。

次の認証情報を使用します：

Username: `johndoe`
Password: `secret`

/// check | 確認

コードのどこにも平文のパスワード"`secret`"はなく、ハッシュ化されたものしかないことを確認してください。

///

<img src="/img/tutorial/security/image08.png">

エンドポイント`/users/me/`を呼び出すと、次のようなレスポンスが得られます：

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",

          java-version: 25
          distribution: 'temurin'
          cache: 'maven'
          server-id: central
          server-username: CI_DEPLOY_USERNAME
          server-password: CI_DEPLOY_PASSWORD
      - name: 'Publish'
        env:
          CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}

    val url: URL = httpUrl.url()
    val uri: URI = httpUrl.uri()
    val scheme: String = httpUrl.scheme()
    val encodedUsername: String = httpUrl.encodedUsername()
    val username: String = httpUrl.username()
    val encodedPassword: String = httpUrl.encodedPassword()
    val password: String = httpUrl.password()
    val host: String = httpUrl.host()
    val port: Int = httpUrl.port()

                buffer.append(hash).append('@');
            }
            buffer.append(proxy.getHost()).append(':').append(proxy.getPort()).append('>');
        }

        // consider the username&password because a repo manager might block artifacts depending on authorization
        Authentication auth = repository.getAuthentication();
        if (auth != null) {

        assertEquals("WORKGROUP", defaultDomain, "Should delegate default domain");
        assertEquals("testuser", defaultUsername, "Should delegate default username");
        assertEquals("testpass", defaultPassword, "Should delegate default password");
        assertEquals("jCIFS", nativeLanMan, "Should delegate native LanMan");

        verify(mockDelegate).getOemEncoding();

 *
 * {@snippet :
 * FluentFuture<UserName> userName =
 *     ClosingFuture.submit(
 *             closer -> closer.eventuallyClose(database.newTransaction(), closingExecutor),
 *             executor)
 *         .transformAsync((closer, transaction) -> transaction.queryClosingFuture("..."), executor)
 *         .transform((closer, result) -> result.get("userName"), directExecutor())

But first, let's check some small concepts.

## In a hurry? { #in-a-hurry }

If you don't care about any of these terms and you just need to add security with authentication based on username and password *right now*, skip to the next chapters.

## OAuth2 { #oauth2 }

OAuth2 is a specification that defines several ways to handle authentication and authorization.

### Browser UI

- Search UI: http://localhost:8080/

![Search UI](https://fess.codelibs.org/_images/fess_search_result1.png)

- Admin UI: http://localhost:8080/admin/ (default username/password is admin/admin)

![Admin UI](https://fess.codelibs.org/_images/fess_admin_dashboard.png)