// This would integrate with SMB3 encryption/signing
        if (!isAuthorizedAccess(remoteAddress, length, remoteKey)) {
            throw new SecurityException("Unauthorized RDMA remote access");
        }
    }
    
    private boolean isAuthorizedAccess(long address, int length, int key) {
        // Implementation would check against established security context

        try {
            WebApiUtil.setError(200, "OK");
            WebApiUtil.setError(201, "Created");
            WebApiUtil.setError(400, "Bad Request");
            WebApiUtil.setError(401, "Unauthorized");
            WebApiUtil.setError(403, "Forbidden");
            WebApiUtil.setError(404, "Not Found");
            WebApiUtil.setError(500, "Internal Server Error");
            WebApiUtil.setError(502, "Bad Gateway");

            }
            if (status) {
                return new ActionResponseCredential(() -> {
                    throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized",
                            HttpServletResponse.SC_UNAUTHORIZED);
                });
            }

            // assert
            if (null == principal) {

{* ../../docs_src/security/tutorial003.py hl[58:66,69:72,90] *}

/// info | 정보

여기서 반환하는 값이 `Bearer`인 추가 헤더 `WWW-Authenticate`도 사양의 일부입니다.

모든 HTTP(오류) 상태 코드 401 "UNAUTHORIZED"는 `WWW-Authenticate` 헤더도 반환해야 합니다.

베어러 토큰의 경우(지금의 경우) 해당 헤더의 값은 `Bearer`여야 합니다.

실제로 추가 헤더를 건너뛸 수 있으며 여전히 작동합니다.

그러나 여기에서는 사양을 준수하도록 제공됩니다.

///

## どのように動作するか

リクエストの中に`Authorization`ヘッダーを探しに行き、その値が`Bearer`と何らかのトークンを含んでいるかどうかをチェックし、そのトークンを`str`として返します。

もし`Authorization`ヘッダーが見つからなかったり、値が`Bearer`トークンを持っていなかったりすると、401 ステータスコードエラー (`UNAUTHORIZED`) で直接応答します。

トークンが存在するかどうかをチェックしてエラーを返す必要はありません。関数が実行された場合、そのトークンに`str`が含まれているか確認できます。

インタラクティブなドキュメントですでに試すことができます:

<img src="/img/tutorial/security/image03.png">

use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the

        // Verify witness service is authorized
        if (!isAuthorizedWitnessServer(witnessServer)) {
            throw new SecurityException("Unauthorized witness server: " + witnessServer);
        }
    }
    
    public void validateNotification(WitnessNotification notification) throws SecurityException {
        // Validate notification authenticity

                final RestStatus status = ((OpenSearchStatusException) cause).status();
                switch (status) {
                case UNAUTHORIZED:
                    logger.warn("[{}] Unauthorized access: {}", i, SystemUtil.getSearchEngineHttpAddress(), cause);
                    break;
                default:

    /** The key of the message: You cannot delete a user who is logged in. */
    public static final String ERRORS_could_not_delete_logged_in_user = "{errors.could_not_delete_logged_in_user}";

    /** The key of the message: Unauthorized request. */
    public static final String ERRORS_unauthorized_request = "{errors.unauthorized_request}";

    /** The key of the message: Failed to print a thread dump. */

  If you do not, you risk allowing unauthorized users to access your apiserver.
  * You *MUST* set `--anonymous-auth=false` flag on your federation apiserver unless you are a developer testing this feature and understand it.
    If you do not, you risk allowing unauthorized users to access your federation apiserver.