set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"

FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

امنیت و احرازهویت بدون هیچگونه ارتباط و مصالحه ای با پایگاه های داده یا مدل های داده ایجاد شده اند.

تمام طرح های امنیتی در OpenAPI تعریف شده اند، از جمله:

* .
* **OAuth2** (همچنین با **JWT tokens**). آموزش را در [OAuth2 with JWT](tutorial/security/oauth2-jwt.md){.internal-link target=\_blank} مشاهده کنید.
* کلید های API:
    * <abbr title="سرصفحه ها">Headers</abbr>

    @Throws(IOException::class)
    fun parse(responseHeaders: Headers): WebSocketExtensions {
      // Note that this code does case-insensitive comparisons, even though the spec doesn't specify
      // whether extension tokens and parameters are case-insensitive or not.

      var compressionEnabled = false
      var clientMaxWindowBits: Int? = null
      var clientNoContextTakeover = false
      var serverMaxWindowBits: Int? = null

Mas isso só permitirá certos tipos de comunicação, excluindo tudo que envolva credenciais: cookies, cabeçalhos de autorização como aqueles usados ​​com Bearer Tokens, etc.

Então, para que tudo funcione corretamente, é melhor especificar explicitamente as origens permitidas.

## Usar `CORSMiddleware`

Você pode configurá-lo em sua aplicação **FastAPI** usando o `CORSMiddleware`.

# 패스워드 해싱을 이용한 OAuth2, JWT 토큰을 사용하는 Bearer 인증

모든 보안 흐름을 구성했으므로, 이제 <abbr title="JSON Web Tokens">JWT</abbr> 토큰과 패스워드 해싱을 사용해 애플리케이션을 안전하게 만들 것입니다.

이 코드는 실제로 애플리케이션에서 패스워드를 해싱하여 DB에 저장하는 등의 작업에 활용할 수 있습니다.

이전 장에 이어서 시작해 봅시다.

## JWT

JWT 는 "JSON Web Tokens" 을 의미합니다.

JSON 객체를 공백이 없는 긴 문자열로 인코딩하는 표준이며, 다음과 같은 형태입니다:

```

    @Resource
    protected TimeManager timeManager;

    /** System helper for various system-level operations. */
    @Resource
    protected SystemHelper systemHelper;

    /** Helper for managing access tokens and API authentication. */
    @Resource
    protected AccessTokenHelper accessTokenHelper;

    /** Helper for view-related operations and rendering. */
    @Resource
    protected ViewHelper viewHelper;

Seguridad y autenticación integradas. Sin ningún compromiso con bases de datos o modelos de datos.

Todos los esquemas de seguridad definidos en OpenAPI, incluyendo:

* HTTP Básico.
* **OAuth2** (también con **tokens JWT**). Revisa el tutorial sobre [OAuth2 con JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* API keys en:
    * Headers.
    * Parámetros de query.
    * Cookies, etc.

Sie können das bereits in der interaktiven Dokumentation ausprobieren:

<img src="/img/tutorial/security/image03.png">

Wir überprüfen im Moment noch nicht die Gültigkeit des Tokens, aber das ist bereits ein Anfang.

## Zusammenfassung

constraints.Past.message = {item} moet een waarde uit het verleden zijn.
constraints.Pattern.message = {item} komt niet overeen met "{regexp}".
constraints.Size.message = De grootte van {item} moet tussen {min} en {max} tekens liggen.
# ----------------------------------------------------------
# Hibernate Validator
# -------------------
constraints.CreditCardNumber.message = {item} is geen geldig creditcardnummer.

* Sécurité et authentification, y compris la prise en charge de **OAuth2** avec les **<abbr title="en anglais : JWT tokens">jetons <abbr title="JSON Web Tokens">JWT</abbr></abbr>** et l'authentification **HTTP Basic**.