* A query parameter.
    * A header.
    * A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").

                return StringUtil.EMPTY;
            }

            @Override
            public String getAppEncryptPropertyPattern() {
                return ".*password|.*key|.*token|.*secret";
            }
        };
        ComponentUtil.setFessConfig(fessConfig);
        SystemHelper systemHelper = new SystemHelper() {
            @Override
            public String getProductVersion() {

                        tokStarted = true;
                        tokBuf.append(tok.trim());
                        break;
                }
            }

            // Handle case where end of token stream and
            // still got data
            if ((!exit) && (tokStarted)) {
                retVal = tokBuf.toString();
            }
        }

        return optional ? "?" + retVal : retVal;

By default this plugin uses HTTP 1.x. To enable HTTP2 use the `MINIO_POLICY_PLUGIN_ENABLE_HTTP2` environment variable.

## Request and Response

MinIO will make a `POST` request with a JSON body to the given plugin URL. If the auth token parameter is set, it will be sent as an authorization header.

The JSON body structure can be seen from this sample:

<details><summary>Request Body Sample</summary>

```json
{
  "input": {

            }
        } else {
            server.guid = new byte[16];
            System.arraycopy(buffer, bufferIndex, server.guid, 0, 16); 
            server.oemDomainName = new String();
            // ignore SPNEGO token for now ...
        }

        return bufferIndex - start;
    }
    public String toString() {
        return new String( "SmbComNegotiateResponse[" +
            super.toString() +

It might also help avoid confusion for new developers that see an unused parameter in your code and could think it's unnecessary.

///

/// info

In this example we use invented custom headers `X-Key` and `X-Token`.

But in real cases, when implementing security, you would get more benefits from using the integrated [Security utilities (the next chapter)](../security/index.md){.internal-link target=_blank}.

///

		Key:   config.APIKey,
		Value: "",
	},
	config.KV{
		Key:   config.Proxy,
		Value: "",
	},
}

// Config represents the subnet related configuration
type Config struct {
	// The subnet license token - Deprecated Dec 2021
	License string `json:"license"`

	// The subnet api key
	APIKey string `json:"apiKey"`

	// The HTTP(S) proxy URL to use for connecting to SUBNET
	Proxy string `json:"proxy"`

  // token, and otherwise should reject the token. The audience defaults to the
  // identifier of the apiserver.
  // +optional
  optional string audience = 1;

  // expirationSeconds is the requested duration of validity of the service
  // account token. As the token approaches expiration, the kubelet volume
  // plugin will proactively rotate the service account token. The kubelet will

set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"

FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

假设现在包含**FastAPI** app的文件 `main.py`  有些其他**路径操作**。

有个 `GET` 操作会返回错误。

有个 `POST` 操作会返回一些错误。

所有*路径操作* 都需要一个`X-Token` 头。

//// tab | Python 3.10+

```Python
{!> ../../docs_src/app_testing/app_b_an_py310/main.py!}
```

////

//// tab | Python 3.9+

```Python