TestSetGenerator<Entry<K, V>> entrySetGenerator) {
    return SetTestSuiteBuilder.using(entrySetGenerator);
  }

  protected SetTestSuiteBuilder<K> createDerivedKeySetSuite(TestSetGenerator<K> keySetGenerator) {
    return SetTestSuiteBuilder.using(keySetGenerator);
  }

  protected CollectionTestSuiteBuilder<V> createDerivedValueCollectionSuite(

First import `Header`:

{* ../../docs_src/header_params/tutorial001_an_py310.py hl[3] *}

## Declare `Header` parameters { #declare-header-parameters }

Then declare the header parameters using the same structure as with `Path`, `Query` and `Cookie`.

You can define the default value as well as all the extra validation or annotation parameters:

{* ../../docs_src/header_params/tutorial001_an_py310.py hl[9] *}

   * occur when using {@link CacheBuilder#weakKeys}, {@link CacheBuilder#weakValues}, or {@link
   * CacheBuilder#softValues}.
   */
  COLLECTED {
    @Override
    boolean wasEvicted() {
      return true;
    }
  },

  /**
   * The entry's expiration timestamp has passed. This can occur when using {@link

///

## **FastAPI** utilities { #fastapi-utilities }

FastAPI provides several tools for each of these security schemes in the `fastapi.security` module that simplify using these security mechanisms.

In the next chapters you will see how to add security to your API using those tools provided by **FastAPI**.

By default, what the method `.openapi()` does is check the property `.openapi_schema` to see if it has contents and return them.

If it doesn't, it generates them using the utility function at `fastapi.openapi.utils.get_openapi`.

And that function `get_openapi()` receives as parameters:

* `title`: The OpenAPI title, shown in the docs.
* `version`: The version of your API, e.g. `2.5.0`.

**FastAPI** provides several tools, at different levels of abstraction, to implement these security features.

In this example we are going to use **OAuth2**, with the **Password** flow, using a **Bearer** token. We do that using the `OAuth2PasswordBearer` class.

/// info

A "bearer" token is not the only option.

But it's the best one for our use case.

    private Subject subject;

    /**
     * Creates KerberosCredentials using the default JAAS configuration.
     *
     * @throws LoginException if authentication fails
     */
    public KerberosCredentials() throws LoginException {
        this(System.getProperty("jaaslounge.sso.jaas.config"));
    }

    /**
     * Creates KerberosCredentials using the specified JAAS login context.
     *

/**
 * Example of using a hardware key to perform client auth.
 * Prefer recent JDK builds, and results are temperamental to slight environment changes.
 * Different instructions and configuration may be required for other hardware devices.
 *
 * Using a yubikey device as a SSL key store.
 * https://lauri.võsandi.com/2017/03/yubikey-for-ssh-auth.html
 *
 * Using PKCS11 support in the JDK.

    void testSecureWipePassword() throws Exception {
        String testPassword = "testPassword123";
        authenticator = new NtlmPasswordAuthenticator("DOMAIN", "username", testPassword);

        // Get the password field using reflection
        Field passwordField = NtlmPasswordAuthenticator.class.getDeclaredField("password");
        passwordField.setAccessible(true);

        // Verify password exists before wipe

    }

    // ////////////////////////////////////////////////////////////////
    // from InputStream to Writer
    //
    /**
     * Copies from an input stream to a writer using the platform default encoding.
     * <p>
     * Neither the input stream nor the writer is closed.
     * </p>
     *
     * @param in the input stream (must not be {@literal null})