If it doesn't see an `Authorization` header, or the value doesn't have a `Bearer ` token, it will respond with a 401 status code error (`UNAUTHORIZED`) directly.

You don't even have to check if the token exists to return an error. You can be sure that if your function is executed, it will have a `str` in that token.

            }

            executor.accept(httpRequest, (response, entity) -> {
                final int httpStatusCode = response.getCode();
                if (httpStatusCode < 400 || httpStatusCode == 401) {
                    parseTokenPage(tokenPattern, responseParams, entity);
                } else {
                    String content;
                    try {

///

## 它做了什麼 { #what-it-does }

它會從請求中尋找 `Authorization` 標頭，檢查其值是否為 `Bearer ` 加上一段 token，並將該 token 以 `str` 回傳。

若未找到 `Authorization` 標頭，或其值不是 `Bearer ` token，則會直接回傳 401（`UNAUTHORIZED`）錯誤。

你不必再自行檢查 token 是否存在；你可以確信只要你的函式被執行，該 token 參數就一定會是 `str`。

你可以在互動式文件中試試看：

<img src="/img/tutorial/security/image03.png">

我們還沒驗證 token 是否有效，但這已是個開始。

## 小結 { #recap }

///

## 它做了什么 { #what-it-does }

它会在请求中查找 `Authorization` 请求头，检查其值是否为 `Bearer ` 加上一些令牌，并将该令牌作为 `str` 返回。

如果没有 `Authorization` 请求头，或者其值不包含 `Bearer ` 令牌，它会直接返回 401 状态码错误（`UNAUTHORIZED`）。

你甚至无需检查令牌是否存在即可返回错误；只要你的函数被执行，就可以确定会拿到一个 `str` 类型的令牌。

你已经可以在交互式文档中试试了：

<img src="/img/tutorial/security/image03.png">

我们还没有验证令牌是否有效，但这已经是一个良好的开端。

## 小结 { #recap }

    }

    /**
     * Test case for when the 'Authorization' header is missing.
     * Expects the server to respond with a 'WWW-Authenticate: NTLM' header and a 401 status.
     * @throws IOException
     */
    @Test
    public void testAuthenticate_NoAuthorizationHeader() throws IOException {
        // Setup: No "Authorization" header

        .Builder()
        .code(401)
        .addHeader("Connection", "close")
        .onResponseEnd(ShutdownConnection)
        .build(),
    )
    val authenticator = RecordingOkAuthenticator(null, null)
    client =
      client
        .newBuilder()
        .authenticator(authenticator)
        .build()
    executeSynchronously("/")
      .assertCode(401)

    level = DeprecationLevel.ERROR,
  )
  fun priorResponse(): Response? = priorResponse

  /**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *

        try {
            WebApiUtil.setError(200, "OK");
            WebApiUtil.setError(201, "Created");
            WebApiUtil.setError(400, "Bad Request");
            WebApiUtil.setError(401, "Unauthorized");
            WebApiUtil.setError(403, "Forbidden");
            WebApiUtil.setError(404, "Not Found");
            WebApiUtil.setError(500, "Internal Server Error");

		cause:      err,
	}
}

func errUnauthorizedAccess(err error) *s3Error {
	return &s3Error{
		code:       "UnauthorizedAccess",
		message:    "You are not authorized to perform this operation",
		statusCode: 401,
		cause:      err,
	}
}

func errEmptyRequestBody(err error) *s3Error {
	return &s3Error{
		code:       "EmptyRequestBody",
		message:    "Request body cannot be empty.",
		statusCode: 400,

            }
            if (status) {
                return new ActionResponseCredential(() -> {
                    throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized",
                            HttpServletResponse.SC_UNAUTHORIZED);
                });
            }

            // assert
            if (null == principal) {