* @param maxAttemptsPerIp max attempts from single IP
     * @param maxGlobalAttemptsPerMinute max global attempts per minute
     * @param lockoutDuration duration to lock out account/IP
     * @param cleanupInterval interval for cleaning up old entries
     */
    public AuthenticationRateLimiter(int maxAttemptsPerAccount, int maxAttemptsPerIp, int maxGlobalAttemptsPerMinute,

You will see something like this:

<img src="/img/tutorial/security/image01.png">

/// check | Authorize button!

You already have a shiny new "Authorize" button.

And your *path operation* has a little lock in the top-right corner that you can click.

///

And if you click it, you have a little authorization form to type a `username` and `password` (and other optional fields):

<img src="/img/tutorial/security/image02.png">

}

func (d *naughtyDisk) Close() (err error) {
	if err = d.calcError(); err != nil {
		return err
	}
	return d.disk.Close()
}

func (d *naughtyDisk) calcError() (err error) {
	d.mu.Lock()
	defer d.mu.Unlock()
	d.callNR++
	if err, ok := d.errors[d.callNR]; ok {
		return err
	}
	if d.defaultErr != nil {
		return d.defaultErr
	}
	return nil
}

		pkey, err := key.DecodePublicKey()
		if err != nil {
			return err
		}
		pk.add(key.Kid, pkey)
	}

	return nil
}

func (pk *publicKeys) add(keyID string, key any) {
	pk.Lock()
	defer pk.Unlock()

	pk.pkMap[keyID] = key
}

func (pk *publicKeys) get(kid string) any {
	pk.RLock()
	defer pk.RUnlock()
	return pk.pkMap[kid]
}

	return "No bucket tags found for bucket: " + e.Bucket
}

// BucketObjectLockConfigNotFound - no bucket object lock config found
type BucketObjectLockConfigNotFound GenericError

func (e BucketObjectLockConfigNotFound) Error() string {
	return "No bucket object lock configuration found for bucket: " + e.Bucket
}

// BucketQuotaConfigNotFound - no bucket quota config found.

internal fun Dispatcher.assertLockNotHeld() {
  if (assertionsEnabled && Thread.holdsLock(this)) {
    throw AssertionError("Thread ${Thread.currentThread().name} MUST NOT hold lock on $this")
  }
}

/**
 * Returns the string "OkHttp" unless the library has been shaded for inclusion in another library,

  private val cleanupTask =
    object : Task("$okHttpName ConnectionPool connection closer") {
      override fun runOnce(): Long = closeConnections(System.nanoTime())
    }

  /**
   * Holding the lock of the connection being added or removed when mutating this, and check its
   * [RealConnection.noNewExchanges] property. This defends against races where a connection is
   * simultaneously adopted and removed.
   */

      return Longs.fromBytes(
          bytes[15], bytes[14], bytes[13], bytes[12], bytes[11], bytes[10], bytes[9], bytes[8]);
    }
  };

  /**
   * Models a lock-free array of bits.
   *
   * <p>We use this instead of java.util.BitSet because we need access to the array of longs and we
   * need compare-and-swap.
   */
  static final class LockFreeBitArray {

	}

	// Generate web identity STS token by interacting with OpenID IDP.
	token, err := MockOpenIDTestUserInteraction(ctx, testAppParams, "******@****.***", "dillon")
	if err != nil {
		c.Fatalf("mock user err: %v", err)
	}
	// fmt.Printf("TOKEN: %s\n", token)

	webID := cr.STSWebIdentity{
		Client:      s.TestSuiteCommon.client,
		STSEndpoint: s.endPoint,

mockserver = { module = "org.testcontainers:mockserver", version.ref = "testcontainers" }
mockserver-client = { module = "org.mock-server:mockserver-client-java-no-dependencies", version.ref = "mockserverClient" }
nativeImageSvm = { module = "org.graalvm.nativeimage:svm", version.ref = "graalvm" }
openjsse = "org.openjsse:openjsse:1.1.14"