return capacityWithoutIt >= addressState.policy.minimumConcurrentCalls
  }

  /**
   * Prunes any leaked calls and then returns the number of remaining live calls on [connection].
   * Calls are leaked if the connection is tracking them but the application code has abandoned
   * them. Leak detection is imprecise and relies on garbage collection.
   */

```

////

/// info

The additional header `WWW-Authenticate` with value `Bearer` we are returning here is also part of the spec.

Any HTTP (error) status code 401 "UNAUTHORIZED" is supposed to also return a `WWW-Authenticate` header.

In the case of bearer tokens (our case), the value of that header should be `Bearer`.

You can actually skip that extra header and it would still work.

<html>
<head>
    <meta charset="UTF-8">
    <title><la:message key="labels.admin_brand_title"/> | <la:message
            key="labels.bad_word_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>

<html>
<head>
    <meta charset="UTF-8">
    <title><la:message key="labels.admin_brand_title"/> | <la:message
            key="labels.bad_word_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>

<html>
<head>
    <meta charset="UTF-8">
    <title><la:message key="labels.admin_brand_title"/> | <la:message
            key="labels.bad_word_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>

	// signatures.
	//
	// Validates all incoming requests to have a valid date header.
	setAuthMiddleware,
	// Redirect some pre-defined browser request paths to a static location
	// prefix.
	setBrowserRedirectMiddleware,
	// Adds 'crossdomain.xml' policy middleware to serve legacy flash clients.
	setCrossDomainPolicyMiddleware,
	// Limits all body and header sizes to a maximum fixed limit
	setRequestLimitMiddleware,

	req, _ := http.NewRequest(http.MethodOptions, s.endPoint, nil)
	req.Header.Set("Origin", "http://foobar.com")
	res, err := s.client.Do(req)
	if err != nil {
		c.Fatal(err)
	}

	for k := range expectedMap {
		if v, ok := res.Header[k]; !ok {
			c.Errorf("Expected key %s missing from %v", k, res.Header)
		} else {
			expectedSet := set.CreateStringSet(expectedMap[k]...)

			req.Header.Set("X-Amz-Copy-Source-If-Modified-Since", testCase.copyModifiedHeader)
		}
		if testCase.copyUnmodifiedHeader != "" {
			req.Header.Set("X-Amz-Copy-Source-If-Unmodified-Since", testCase.copyUnmodifiedHeader)
		}
		// Add custom metadata.
		for k, v := range testCase.metadata {
			req.Header.Set(k, v)
		}
		if testCase.metadataReplace {

package okhttp3

import java.io.IOException
import okhttp3.internal.SuppressSignatureCheck

/** Data classes that correspond to each of the methods of [ConnectionListener]. */
@SuppressSignatureCheck
sealed class ConnectionEvent {
  abstract val timestampNs: Long
  open val connection: Connection?
    get() = null

  /** Returns if the event closes this event, or null if this is no open event. */

# HTTP Basic Auth

For the simplest cases, you can use HTTP Basic Auth.

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.