* during {@code Executor.execute} (e.g., a {@code RejectedExecutionException} or an exception
   * thrown by {@linkplain MoreExecutors#directExecutor direct execution}) will be caught and
   * logged.
   *
   * <p>Note: If your listener is lightweight -- and will not cause stack overflow by completing
   * more futures or adding more {@code directExecutor()} listeners inline -- consider {@link

          return new IteratorWithSunJavaBug6529795<>(iterator);
        }
      }.test();
    } catch (AssertionFailedError e) {
      return;
    }
    fail("Should have caught jdk6 bug in target iterator");
  }

  private static final int STEPS = 3;

  static class TesterThatCountsCalls extends IteratorTester<Integer> {
    TesterThatCountsCalls() {

    }
    /*
     * TODO(cpovirk): Clear interrupt status here? We currently don't, which means that an interrupt
     * before, during, or after runInterruptibly() (unless it produced an InterruptedException
     * caught above) can linger and affect listeners.
     */
  }

  /**
   * Called before runInterruptibly - if true, runInterruptibly and afterRanInterruptibly will not
   * be called.
   */

	defer logger.AuditLog(ctx, w, r, claims)

	if !globalIAMSys.Initialized() {
		writeSTSErrorResponse(ctx, w, ErrSTSIAMNotInitialized, errIAMNotInitialized)
		return
	}

	authn := newGlobalAuthNPluginFn()
	if authn == nil {
		writeSTSErrorResponse(ctx, w, ErrSTSNotInitialized, errors.New("STS API 'AssumeRoleWithCustomToken' is disabled"))
		return
	}

	action := r.Form.Get(stsAction)

            }
        } catch (final Exception ignored) {}
    }

    protected void handleFileUploadException(final FileUploadException e) throws ServletException {
        // suppress logging because it can be caught by logging filter
        //log.error("Failed to parse multipart request", e);
        throw new ServletException("Failed to upload the file.", e);
    }

}

func adminLogIf(ctx context.Context, err error, errKind ...interface{}) {
	logger.LogIf(ctx, "admin", err, errKind...)
}

func authNLogIf(ctx context.Context, err error, errKind ...interface{}) {
	logger.LogIf(ctx, "authN", err, errKind...)
}

func authZLogIf(ctx context.Context, err error, errKind ...interface{}) {
	logger.LogIf(ctx, "authZ", err, errKind...)
}

func peersLogIf(ctx context.Context, err error, errKind ...interface{}) {

	globalAuthPluginMutex.Lock()
	defer globalAuthPluginMutex.Unlock()
	return globalAuthZPlugin
}

func setGlobalAuthNPlugin(authn *idplugin.AuthNPlugin) {
	globalAuthPluginMutex.Lock()
	globalAuthNPlugin = authn
	globalAuthPluginMutex.Unlock()
}

func setGlobalAuthZPlugin(authz *polplugin.AuthZPlugin) {
	globalAuthPluginMutex.Lock()
	globalAuthZPlugin = authz

   * during {@code Executor.execute} (e.g., a {@code RejectedExecutionException} or an exception
   * thrown by {@linkplain MoreExecutors#directExecutor direct execution}) will be caught and
   * logged.
   *
   * <p>Note: If your listener is lightweight -- and will not cause stack overflow by completing
   * more futures or adding more {@code directExecutor()} listeners inline -- consider {@link

/pilot/pkg/security/                                             @istio/wg-security-maintainers
/pilot/pkg/config/                                               @istio/wg-networking-maintainers
/pilot/pkg/networking/plugin/authn/                              @istio/wg-security-maintainers
/pilot/pkg/networking/plugin/authz/                              @istio/wg-security-maintainers

- Temporary credentials have a limited lifetime, there is no need to rotate them or explicitly revoke them. Expired temporary credentials cannot be reused.

## Identity Federation

| AuthN                                                                                  | Description                                                                                                                                   |