return "user"

    app = FastAPI()

    @app.get("/")
    def endpoint(
        db: Annotated[str, Depends(get_db)],
        user: Annotated[str, Security(get_user, scopes=["read"])],
    ):
        return {"db": db}

    return app


@pytest.fixture(name="client")
def client_fixture(app: FastAPI):
    return TestClient(app)

    return "john", required_scopes.scopes


def get_user_override(required_scopes: SecurityScopes):
    return "alice", required_scopes.scopes


def get_data():
    return [1, 2, 3]


def get_data_override():
    return [3, 4, 5]


@app.get("/user")
def read_user(
    user_data: tuple[str, list[str]] = Security(get_user, scopes=["foo", "bar"]),
    data: list[int] = Depends(get_data),

  <version>0.1</version>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>test</groupId>
        <artifactId>a</artifactId>
        <version>0.1</version>
        <scope>import</scope>
        <type>pom</type>
        <classifier>cls</classifier>
      </dependency>
    </dependencies>
  </dependencyManagement>

     * {@return all enabled sources that provide files in the given language for the given scope}.
     * If the given scope is {@code null}, then this method returns the enabled sources for all scopes.
     * If the given language is {@code null}, then this method returns the enabled sources for all languages.
     * An arbitrary number of source roots may exist for the same scope and language.
     * It may be, for example, the case of a multi-versions project.

        call_counts["get_current_user"] += 1
        return {
            "user": f"user_{call_counts['get_current_user']}",
            "scopes": security_scopes.scopes,
            "db_session": db_session,
        }

    def get_user_me(
        current_user: Annotated[dict, Security(get_current_user, scopes=["me"])],
    ):
        call_counts["get_user_me"] += 1
        return {

<img src="/img/tutorial/security/image10.png">

/// note | 참고

`Bearer `로 시작하는 값을 가진 `Authorization` 헤더에 주목하십시오.

///

## `scopes`의 고급 사용법 { #advanced-usage-with-scopes }

OAuth2에는 "scopes"라는 개념이 있습니다.

이를 사용해 JWT 토큰에 특정 권한 집합을 추가할 수 있습니다.

그런 다음 이 토큰을 사용자에게 직접 제공하거나 제3자에게 제공하여, 특정 제한사항 하에서 API와 상호작용하도록 할 수 있습니다.

 * use of HTML templating systems.
 *
 * @author Sven Mawson
 * @author David Beaumont
 * @since 15.0
 */
@GwtCompatible
public final class HtmlEscapers {
  /**
   * Returns an {@link Escaper} instance that escapes HTML metacharacters as specified by <a
   * href="http://www.w3.org/TR/html4/">HTML 4.01</a>. The resulting strings can be used both in
   * attribute values and in most elements' text contents, provided that the HTML

 */
package org.codelibs.fess.score;

import java.util.ArrayList;
import java.util.List;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * This class updates scores of documents.
 */
public class ScoreUpdater {
    /**
     * Constructor.
     */
    public ScoreUpdater() {
        super();
    }

/**
 * An SPI interface to extend Maven with new enum values for extensible enumerations.
 * <p>
 * Maven uses extensible enumerations to allow plugins and extensions to add new values
 * to various categories like languages, scopes, and packaging types. This interface is the
 * base for all providers that register such extensions.
 * <p>
 * Implementations of this interface are discovered through the Java ServiceLoader mechanism.

* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

Nevertheless, you might have a very specific use case where you really need to disable the API docs for some environment (e.g. for production) or depending on configurations from environment variables.