## 实际效果

打开 API 文档：<a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>。

### 身份验证

点击**Authorize**按钮。

使用以下凭证：

用户名：`johndoe`

密码：`secret`

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image04.png">

通过身份验证后，显示下图所示的内容：

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image05.png">

### 获取当前用户数据

# Settings and Environment Variables

In many cases your application could need some external settings or configurations, for example secret keys, database credentials, credentials for email services, etc.

Most of these settings are variable (can change), like database URLs. And many could be sensitive, like secrets.

For this reason it's common to provide them in environment variables that are read by the application.

/// tip

		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,
			Description: "policies to apply for plugin authorized users" + defaultHelpPostfix(RolePolicy),
			Type:        "string",
		},
		config.HelpKV{

   * comparator to look for it wherever it wants.
   *
   * Note that we do NOT touch the comparator returned by comparator(), which
   * should be identical to the one the user passed in. We touch only the
   * "secret" comparator used by the delegate implementation.
   */

  private static <K, V> SortedMap<K, V> newModifiableDelegate(Comparator<? super K> comparator) {
    return newTreeMap(nullAccepting(comparator));
  }

                possibleWorkgroup = false;
            }
        }

        msg = req.getHeader("Authorization");
        offerBasic = this.enableBasic && ( this.insecureBasic || req.isSecure() );

        if ( msg != null && ( msg.startsWith("NTLM ") || ( offerBasic && msg.startsWith("Basic ") ) ) ) {

            if ( msg.startsWith("NTLM ") ) {
                byte[] challenge;

func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
	return xhttp.ConnSettings{
		LookupHost:       globalDNSCache.LookupHost,
		RootCAs:          globalRootCAs,
		CipherSuites:     fips.TLSCiphersBackwardCompatible(),
		CurvePreferences: fips.TLSCurveIDs(),
		TCPOptions:       globalTCPOptions,
		EnableHTTP2:      false,
	}.NewRemoteTargetHTTPTransport(insecure)
}

O único detalhe que falta é que ainda não é realmente "seguro".

대화형 문서 열기: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>.

### 인증하기

"Authorize" 버튼을 눌러봅시다.

자격 증명을 사용합니다.

유저명: `johndoe`

패스워드: `secret`

<img src="/img/tutorial/security/image04.png">

시스템에서 인증하면 다음과 같이 표시됩니다:

<img src="/img/tutorial/security/image05.png">

### 자신의 유저 데이터 가져오기

이제 `/users/me` 경로에 `GET` 작업을 진행합시다.

                possibleWorkgroup = false;
            } 
        }

        msg = req.getHeader( "Authorization" );
        offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if( msg != null && (msg.startsWith( "NTLM " ) ||
                    (offerBasic && msg.startsWith("Basic ")))) {

            if( msg.startsWith("NTLM ")) {
                byte[] challenge;

* Previously a deleted service account or bootstrapping token secret would be considered valid until it was reaped. It is now invalid as soon as the `deletionTimestamp` is set. ([#48343](https://github.com/kubernetes/kubernetes/pull/48343), [@deads2k](https://github.com/deads2k); [#49057](https://github.com/kubernetes/kubernetes/pull/49057), [@ericchiang](https://github.com/ericchiang))