package jcifs.spnego;

import jcifs.CIFSException;

/**
 * Exception thrown during SPNEGO authentication processing.
 *
 * This exception indicates an error in SPNEGO token processing,
 * negotiation, or authentication flow.
 *
 * @author mbechler
 */
public class SpnegoException extends CIFSException {

    /**
     *
     */
    private static final long serialVersionUID = -4591854684249021395L;

    /**

## `username` und `password` entgegennehmen { #get-the-username-and-password }

Wir werden **FastAPIs** Sicherheits-Werkzeuge verwenden, um den `username` und das `password` entgegenzunehmen.

OAuth2 spezifiziert, dass der Client/Benutzer bei Verwendung des „Password Flow“ (den wir verwenden) die Felder `username` und `password` als Formulardaten senden muss.

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

Zum Beispiel stellt eine der Möglichkeiten, die OAuth2-Spezifikation zu verwenden (genannt „password flow“), die Bedingung, einen `username` und ein `password` als Formularfelder zu senden.

    void noInteraction_whenExceptionOccursBeforeCall() {
        // Arrange
        Runnable r = mock(Runnable.class);

        // Act: simulate control flow where the exception happens before any collaborator is used
        try {
            throw new SmbUnsupportedOperationException();
        } catch (SmbUnsupportedOperationException ignored) {
            // ignore

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         RedirectURI,
			Description: `[DEPRECATED use env 'MINIO_BROWSER_REDIRECT_URL'] Configure custom redirect_uri for OpenID login flow callback` + defaultHelpPostfix(RedirectURI),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,

API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with object storage.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT: There is no console UI integration for this method of authentication and it is intended primarily for machine authentication....

 */
@ExtendWith(MockitoExtension.class)
class SmbWatchHandleImplTest {

    @Mock
    SmbFileHandleImpl handle;

    @Mock
    SmbTreeHandleImpl tree;

    // Prepare SMB2 flow with a given response
    private void setupSmb2(NotifyResponse resp, byte[] fileId) throws Exception {
        when(handle.isValid()).thenReturn(true);
        when(handle.getTree()).thenReturn(tree);

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

Por ejemplo, en una de las formas en las que se puede usar la especificación OAuth2 (llamada "password flow") se requiere enviar un `username` y `password` como campos de formulario.

Create form parameters the same way you would for `Body` or `Query`:

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

For example, in one of the ways the OAuth2 specification can be used (called "password flow") it is required to send a `username` and `password` as form fields.

The <abbr title="specification">spec</abbr> requires the fields to be exactly named `username` and `password`, and to be sent as form fields, not JSON.