void testSecureWipePassword() throws Exception {
        String testPassword = "testPassword123";
        authenticator = new NtlmPasswordAuthenticator("DOMAIN", "username", testPassword);

        // Get the password field using reflection
        Field passwordField = NtlmPasswordAuthenticator.class.getDeclaredField("password");
        passwordField.setAccessible(true);

        // Verify password exists before wipe

Make sure you [Upgrade the FastAPI version](../deployment/versions.md#upgrading-the-fastapi-versions){.internal-link target=_blank} to at least 0.95.1 before using `Annotated`.

///

## Declare metadata { #declare-metadata }

You can declare all the same parameters as for `Query`.

For example, to declare a `title` metadata value for the path parameter `item_id` you can type:

/**
 * Example of using a hardware key to perform client auth.
 * Prefer recent JDK builds, and results are temperamental to slight environment changes.
 * Different instructions and configuration may be required for other hardware devices.
 *
 * Using a yubikey device as a SSL key store.
 * https://lauri.võsandi.com/2017/03/yubikey-for-ssh-auth.html
 *
 * Using PKCS11 support in the JDK.

          echo "Found curl ... using curl"
        fi
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            curl -o "$wrapperJarPath" "$jarUrl" -f
        else
            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
        fi

    else
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Falling back to using Java to download"
        fi

To add a dependency on Guava testlib using Maven, use the following:

```xml
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava-testlib</artifactId>
  <version>33.4.8-jre</version>
  <scope>test</scope>
</dependency>
```

To add a dependency using Gradle:

```gradle
dependencies {
  test 'com.google.guava:guava-testlib:33.4.8-jre'
}

**FastAPI** provides several tools, at different levels of abstraction, to implement these security features.

In this example we are going to use **OAuth2**, with the **Password** flow, using a **Bearer** token. We do that using the `OAuth2PasswordBearer` class.

/// info

A "bearer" token is not the only option.

But it's the best one for our use case.

   * occur when using {@link CacheBuilder#weakKeys}, {@link CacheBuilder#weakValues}, or {@link
   * CacheBuilder#softValues}.
   */
  COLLECTED {
    @Override
    boolean wasEvicted() {
      return true;
    }
  },

  /**
   * The entry's expiration timestamp has passed. This can occur when using {@link

 * This transformer handles document transformation and content extraction using
 * the standard Fess file transformation process with support for various content types.
 *
 * <p>It extends AbstractFessFileTransformer to provide file-specific transformation
 * capabilities while using the appropriate extractor for each document type.</p>
 */

                    if (logger.isDebugEnabled()) {
                        logger.debug("Using default extractor {} for MIME type {}", extractorName, mimeType);
                    }
                    extractor = crawlerContainer.getComponent(extractorName);
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Using {} for detected MIME type {}, not {}", extractor.getClass().getName(), detectedMimeType, mimeType);

# OAuth2 with Password (and hashing), Bearer with JWT tokens { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Now that we have all the security flow, let's make the application actually secure, using <abbr title="JSON Web Tokens">JWT</abbr> tokens and secure password hashing.

This code is something you can actually use in your application, save the password hashes in your database, etc.