escaper.escape((String) null);
      Assert.fail("exception not thrown when escaping a null string");
    } catch (NullPointerException e) {
      // pass
    }
  }

  /**
   * Asserts that an escaper escapes the given character into the expected string.
   *
   * @param escaper the non-null escaper to test
   * @param expected the expected output string
   * @param c the character to escape
   */

      escaper.escape((String) null);
      Assert.fail("exception not thrown when escaping a null string");
    } catch (NullPointerException e) {
      // pass
    }
  }

  /**
   * Asserts that an escaper escapes the given character into the expected string.
   *
   * @param escaper the non-null escaper to test
   * @param expected the expected output string
   * @param c the character to escape
   */

                }
            }
        });
        addPhases(graph, ep1, ep2, phase.phases());
    }

    private static void addPhases(
            Graph graph, Graph.Vertex before, Graph.Vertex after, Collection<Lifecycle.Phase> phases) {
        // We add ordering between internal phases.
        // This would be wrong at execution time, but we are here computing a list and not a graph,

    assertEquals(2, copy.size());
    assertSame(copy, copy.iterator().next().member);
  }

  /*
   * The behavior of toString() and iteration is tested by LinkedHashMultiset,
   * which shares a lot of code with HashMultiset and has deterministic
   * iteration order.
   */

# Security Tools

When you need to declare dependencies with OAuth2 scopes you use `Security()`.

But you still need to define what is the dependable, the callable that you pass as a parameter to `Depends()` or `Security()`.

There are multiple tools that you can use to create those dependables, and they get integrated into OpenAPI so they are shown in the automatic docs UI, they can be used by automatically generated clients and SDKs, etc.

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

///

## Advanced usage with `scopes` { #advanced-usage-with-scopes }

OAuth2 has the notion of "scopes".

You can use them to add a specific set of permissions to a JWT token.

        List<String> scopes = new ArrayList<>(2);
        if (scopeToCollect != null && !scopeToCollect.isEmpty()) {
            scopes.add(scopeToCollect);
        }
        if (scopeToResolve != null && !scopeToResolve.isEmpty()) {
            scopes.add(scopeToResolve);
        }

        if (scopes.isEmpty()) {
            return null;
        } else {

                    Map<String, LifecyclePhase> phases = getLifecyclePhases(lifecycleId);
                    if (phases != null) {
                        Lifecycle lifecycle = new Lifecycle();

                        lifecycle.setId(lifecycleId);
                        lifecycle.setLifecyclePhases(phases);

                        lifecycleMap.put(lifecycleId, lifecycle);
                    }

    // If the string contains no escapes, it should return the arg.
    // Note: assert<b>Same</b> for this implementation.
    String s = "blah blah farhvergnugen";
    assertSame(s, htmlEscaper().escape(s));

    // Tests escapes at begin and end of string.
    assertEquals("&lt;p&gt;", htmlEscaper().escape("<p>"));

    // Test all escapes.

We have a lifecycle mapping for the packaging of *jar* below. You see that for this packaging we have a *default* lifecycle and a list of phases where each phase is a comma separated list of goals to run and they are in the form groupId:artifactId:version.

<configuration>
  <lifecycles>
    <lifecycle>
      <id>default</id>
      <phases>
        <process-resources>org.apache.maven.plugins:maven-resources-plugin:resources</process-resources>