# Simples OAuth2 com senha e Bearer { #simple-oauth2-with-password-and-bearer }

Agora vamos construir a partir do capítulo anterior e adicionar as partes que faltam para ter um fluxo de segurança completo.

## Obtenha o `username` e a `password` { #get-the-username-and-password }

É utilizado o utils de segurança da **FastAPI** para obter o `username` e a `password`.

   * do double-duty to make sure the counting and content are consistent, particularly when it comes
   * to awkward operations like measuring the encoded length of header strings, or the
   * length-in-digits of an encoded integer.
   */
  private fun writeOrCountBytes(
    sink: BufferedSink?,
    countBytes: Boolean,
  ): Long {
    var byteCount = 0L

            @Override
            protected int readHeaderWireFormat(byte[] buffer, int bufferIndex) {
                // Simulate header reading
                return 33;
            }
        };
        byte[] buffer = new byte[1024];

        // Setup buffer after header
        buffer[33] = 4; // wordCount
        buffer[34] = (byte) 0xFF; // andxCommand
        buffer[36] = 0; // andxOffset low

        final List<ProtwordsItem> itemList = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, Constants.UTF_8))) {
            long id = 0;
            String line = null;
            while ((line = reader.readLine()) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    if (updater != null) {

    - tutorial/body-nested-models.md
    - tutorial/schema-extra-example.md
    - tutorial/extra-data-types.md
    - tutorial/cookie-params.md
    - tutorial/header-params.md
    - tutorial/cookie-param-models.md
    - tutorial/header-param-models.md
    - tutorial/response-model.md
    - tutorial/extra-models.md
    - tutorial/response-status-code.md
    - tutorial/request-forms.md

	// Before proceeding validate if bucket exists.
	_, err := objAPI.GetBucketInfo(ctx, bucket, BucketOptions{})
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	aclHeader := r.Header.Get(xhttp.AmzACL)
	if aclHeader == "" {
		acl := &accessControlPolicy{}
		if err = xmlDecoder(r.Body, acl, r.ContentLength); err != nil {
			if terr, ok := err.(*xml.SyntaxError); ok && terr.Msg == io.EOF.Error() {

	return sseCfg, err
}

// validateBucketSSEConfig parses bucket encryption configuration and validates if it is supported by MinIO.
func validateBucketSSEConfig(r io.Reader) (*sse.BucketSSEConfig, error) {
	encConfig, err := sse.ParseBucketSSEConfig(r)
	if err != nil {
		return nil, err
	}

	if len(encConfig.Rules) == 1 {
		return encConfig, nil
	}

        final List<CharMappingItem> itemList = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, Constants.UTF_8))) {
            long id = 0;
            String line = null;
            while ((line = reader.readLine()) != null) {
                // Remove comments

    void testDecode() throws Exception {
        // Test the decode method which is inherited from ServerMessageBlock
        byte[] buffer = new byte[256];

        // Set up a minimal SMB header (size 32 bytes)
        // SMB signature
        buffer[0] = (byte) 0xFF;
        buffer[1] = 'S';
        buffer[2] = 'M';
        buffer[3] = 'B';

        // Command - SMB_COM_TRANSACTION2

///

## Ne Yapar { #what-it-does }

Request içinde `Authorization` header’ını arar, değerin `Bearer ` + bir token olup olmadığını kontrol eder ve token’ı `str` olarak döndürür.

Eğer `Authorization` header’ını görmezse ya da değer `Bearer ` token’ı içermiyorsa, doğrudan 401 status code hatasıyla (`UNAUTHORIZED`) response döner.