</component>
  <component name="ExternalStorageConfigurationManager" enabled="true" />
  <component name="FrameworkDetectionExcludesConfiguration">
    <type id="web" />
  </component>
  <component name="NullableNotNullManager">
    <option name="myDefaultNullable" value="javax.annotation.Nullable" />
    <option name="myDefaultNotNull" value="javax.annotation.Nonnull" />

   * structures.
   *
   * We make such subtle calls in [okhttp3.internal.ws.MessageInflater] because we try to read a
   * compressed stream that is terminated in a web socket frame even though the DEFLATE stream is
   * not terminated.
   *
   * Use this method to create a degenerate Okio Buffer where each byte is in a separate segment of
   * the internal list.
   */
  @JvmStatic

/// note | Technical Details

The proxy headers are:

* [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For)
* [X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto)
* [X-Forwarded-Host](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Host)

///

### Enable Proxy Forwarded Headers { #enable-proxy-forwarded-headers }

set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dfess.log.path=%FESS_HOME%\logs
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dfess.log.level=warn
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dlasta.env=web
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dtomcat.config.path=tomcat_config.properties

REM External opensearch cluster
REM set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dfess.search_engine.http_address=http://localhost:9200

{* ../../docs_src/middleware/tutorial001_py310.py hl[8:9,11,14] *}

/// tip

Keep in mind that custom proprietary headers can be added [using the `X-` prefix](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers).

import java.util.concurrent.TimeUnit
import java.util.concurrent.atomic.AtomicLong
import java.util.concurrent.atomic.AtomicReference
import okhttp3.internal.USER_AGENT
import okio.ByteString

/**
 * Exercises the web socket implementation against the
 * [Autobahn Testsuite](http://autobahn.ws/testsuite/).
 */
class AutobahnTester {
  val client = OkHttpClient()

  private fun newWebSocket(
    path: String,

import okhttp3.WebSocketListener
import okhttp3.internal.addHeaderLenient
import okhttp3.internal.http2.ErrorCode
import okhttp3.internal.http2.Settings
import okio.Buffer

/** A scripted response to be replayed by the mock web server. */
public class MockResponse {
  /** Returns the HTTP response line, such as "HTTP/1.1 200 OK". */
  public val status: String

  public val code: Int
    get() {

	claims.SetExpiry(UTCNow().Add(defaultJWTExpiry))
	claims.SetAccessKey(accessKey)
	token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, claims)
	return token.SignedString([]byte(secretKey))
}

// Tests web request authenticator.
func TestWebRequestAuthenticate(t *testing.T) {
	ctx, cancel := context.WithCancel(t.Context())
	defer cancel()

	obj, fsDir, err := prepareFS(ctx)
	if err != nil {
		t.Fatal(err)
	}

# 使用密码（及哈希）的 OAuth2，基于 JWT 的 Bearer 令牌 { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

现在我们已经有了完整的安全流程，接下来用 <abbr title="JSON Web Tokens - JSON Web 令牌">JWT</abbr> 令牌和安全的密码哈希，让应用真正安全起来。

这些代码可以直接用于你的应用，你可以把密码哈希保存到数据库中，等等。

我们将从上一章结束的地方继续，逐步完善。

## 关于 JWT { #about-jwt }

JWT 意为 “JSON Web Tokens”。

它是一种标准，把一个 JSON 对象编码成没有空格、很密集的一长串字符串。看起来像这样：

```

        public String getJobRootPackageName() {
            return "org.codelibs.fess.job";
        }

        @Override
        public String getWebRootPackageName() {
            return "org.codelibs.fess.app.web";
        }

        @Override
        public String getSubApplicationRootPackageName() {
            return "org.codelibs.fess.app";
        }

        @Override