@Resource
    protected TimeManager timeManager;

    /** System helper for various system-level operations. */
    @Resource
    protected SystemHelper systemHelper;

    /** Helper for managing access tokens and API authentication. */
    @Resource
    protected AccessTokenHelper accessTokenHelper;

    /** Helper for view-related operations and rendering. */
    @Resource
    protected ViewHelper viewHelper;

	default:
		return xml.UnmarshalError(fmt.Sprintf("expected element type <LifecycleConfiguration>/<BucketLifecycleConfiguration> but have <%s>",
			start.Name.Local))
	}
	for {
		// Read tokens from the XML document in a stream.
		t, err := d.Token()
		if err != nil {
			if err == io.EOF {
				break
			}
			return err
		}

		if se, ok := t.(xml.StartElement); ok {
			switch se.Name.Local {
			case "Rule":

Security and authentication integrated. Without any compromise with databases or data models.

All the security schemes defined in OpenAPI, including:

* HTTP Basic.
* **OAuth2** (also with **JWT tokens**). Check the tutorial on [OAuth2 with JWT](tutorial/security/oauth2-jwt.md).
* API keys in:
    * Headers.
    * Query parameters.
    * Cookies, etc.

  exit /b 1
)

rem Read the output file
if exist "%JVM_CONFIG_TEMP%" (
  if defined MAVEN_DEBUG_SCRIPT (
    echo [DEBUG] Temp file contents:
    type "%JVM_CONFIG_TEMP%"
  )
  for /f "usebackq tokens=*" %%i in ("%JVM_CONFIG_TEMP%") do set "JVM_CONFIG_MAVEN_OPTS=%%i"
  del "%JVM_CONFIG_TEMP%" 2>nul
)

if defined MAVEN_DEBUG_SCRIPT (
  echo [DEBUG] Final JVM_CONFIG_MAVEN_OPTS: %JVM_CONFIG_MAVEN_OPTS%
)

<img src="/img/tutorial/security/image11.png">

## 內含 scopes 的 JWT token { #jwt-token-with-scopes }

現在，修改 token 的路徑操作以回傳所請求的 scopes。

我們仍然使用相同的 `OAuth2PasswordRequestForm`。它包含屬性 `scopes`，其為 `list` 的 `str`，列出請求中收到的每個 scope。

並且我們將這些 scopes 作為 JWT token 的一部分回傳。

/// danger

為了簡化，這裡我們只是直接把接收到的 scopes 加進 token。

但在你的應用中，為了安全性，你應確保只加入該使用者實際可擁有或你預先定義的 scopes。

///

            Path base = project.getOutputDirectory(scope());
            return targetPath.map(base::resolve).orElse(base);
        });
    }

    /**
     * {@return whether resources are filtered to replace tokens with parameterized values}
     * The default value is {@code false}.
     */
    default boolean stringFiltering() {
        return false;
    }

    /**

    """
    OAuth2 flow for authentication using a bearer token obtained with an OAuth2 code
    flow. An instance of it would be used as a dependency.
    """

    def __init__(
        self,
        authorizationUrl: str,
        tokenUrl: Annotated[
            str,
            Doc(
                """
                The URL to obtain the OAuth2 token.
                """
            ),
        ],

        }

        @Test
        @DisplayName("Textual constructor invalid format throws SmbException")
        void testTextualConstructorInvalid() {
            // Arrange
            String bad = "S-1"; // fewer than 3 tokens

            // Act + Assert
            SmbException ex = assertThrows(SmbException.class, () -> new SID(bad));
            assertTrue(ex.getMessage().contains("Bad textual SID format"));
        }

        @Test

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

/// danger

    * ...及其他。

所有的校验都由完善且强大的 **Pydantic** 处理。

### 安全性及身份验证 { #security-and-authentication }

集成了安全性和身份认证。杜绝数据库或者数据模型的渗透风险。

OpenAPI 中定义的安全模式，包括：

* HTTP 基本认证。
* **OAuth2**（也使用 **JWT tokens**）。在 [使用 JWT 的 OAuth2](tutorial/security/oauth2-jwt.md) 查看教程。
* API 密钥，在:
    * 请求头。
    * 查询参数。
    * Cookies，等等。

加上来自 Starlette（包括 **session cookie**）的所有安全特性。