Autorisez l'application de la même manière qu'auparavant.

En utilisant les identifiants :

Nom d'utilisateur : `johndoe`
Mot de passe : `secret`

/// check | Vérifications

Remarquez qu'à aucun endroit du code le mot de passe en clair « secret » n'apparaît, nous n'avons que la version hachée.

///

<img src="/img/tutorial/security/image08.png">

/**
 * API access to the <a href="https://api.slack.com/apps">Slack API</a> as an application. One
 * instance of this class may operate without a user, or on behalf of many users. Use the Slack API
 * dashboard to create a client ID and secret for this application.
 *
 * <p>You must configure your Slack API OAuth and Permissions page with a localhost URL like {@code
 * http://localhost:53203/oauth/}, passing the same port to this class’ constructor.
 */

Example: Limit a MinIO cluster to accept at max 1600 simultaneous S3 API requests across all nodes of the cluster.

```sh
export MINIO_API_REQUESTS_MAX=1600
export MINIO_ROOT_USER=your-access-key
export MINIO_ROOT_PASSWORD=your-secret-key
minio server http://server{1...8}/mnt/hdd{1...16}
```

or

```sh
mc admin config set myminio/ api requests_max=1600
mc admin service restart myminio/
```

 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
 *     return response.request().newBuilder()
 *         .header("Proxy-Authorization", "secret")
 *         .build();
 *   }
 * }
 * return null; // Didn't find a preemptive auth scheme.
 * ```
 *
 * ## Reactive Authentication
 *

        String originalParams = "config.timeout=30\npassword=secret\nclient.host=localhost";

        // First parse
        Map<String, String> parsed = ParameterUtil.parse(originalParams);
        assertEquals(3, parsed.size());
        assertEquals("secret", parsed.get("password"));

        // Then encrypt
        String encrypted = ParameterUtil.encrypt(originalParams);

你會看到這樣的介面：

<img src="/img/tutorial/security/image07.png">

用和先前相同的方式授權應用。

使用下列認證資訊：

Username: `johndoe`
Password: `secret`

/// check | 檢查

注意在程式碼中完全沒有明文密碼「`secret`」，我們只有雜湊後的版本。

///

<img src="/img/tutorial/security/image08.png">

呼叫端點 `/users/me/`，你會得到類似這樣的回應：

```JSON
{
  "username": "johndoe",

    private final MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key
     *            The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");

    private MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");
        final int length = Math.min(key.length, BLOCK_LENGTH);

Пройдите авторизацию так же, как делали раньше.

Используя учетные данные пользователя:

Username: `johndoe`
Password: `secret`

/// check | Проверка

Обратите внимание, что нигде в коде не используется открытый текст пароля "`secret`", мы используем только его хэшированную версию.

///

<img src="/img/tutorial/security/image08.png">

          message.startsWith("Found resumable session") -> Type.Handshake
          message.startsWith("Resuming session") -> Type.Handshake
          message.startsWith("Using PSK to derive early secret") -> Type.Handshake
          else -> Type.Unknown
        }

    override fun toString(): String =
      if (param != null) {
        message + "\n" + param
      } else {
        message
      }
  }