* Einem Query-Parameter.
    * Einem Header.
    * Einem Cookie.
* `http`: Standard-HTTP-Authentifizierungssysteme, einschließlich:
    * `bearer`: ein Header `Authorization` mit dem Wert `Bearer ` plus einem Token. Dies wird von OAuth2 geerbt.
    * HTTP Basic Authentication.
    * HTTP Digest, usw.
* `oauth2`: Alle OAuth2-Methoden zum Umgang mit Sicherheit (genannt „Flows“).

    * A query parameter.
    * A header.
    * A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").

/// tip | 提示

有些编辑器会检查代码中没使用过的函数参数，并显示错误提示。

在*路径操作装饰器*中使用 `dependencies` 参数，可以确保在执行依赖项的同时，避免编辑器显示错误提示。

使用路径装饰器依赖项还可以避免开发新人误会代码中包含无用的未使用参数。

///

/// info | 说明

本例中，使用的是自定义响应头 `X-Key` 和 `X-Token`。

但实际开发中，尤其是在实现安全措施时，最好使用 FastAPI 内置的[安全工具](../security/index.md){.internal-link target=_blank}（详见下一章）。

///

## 依赖项错误和返回值

路径装饰器依赖项也可以使用普通的依赖项*函数*。

### 依赖项的需求项

路径装饰器依赖项可以声明请求的需求项（比如响应头）或其他子依赖项：

## Explore Further

- [Casdoor MinIO Integration](https://casdoor.org/docs/integration/minio)
- [MinIO STS Quickstart Guide](https://docs.min.io/community/minio-object-store/developers/security-token-service.html)

String unescaped = JsonUtil.unescape(escaped);

// Text tokenization
Tokenizer tokenizer = new Tokenizer("field1,field2,field3", ",");
while (tokenizer.hasMoreTokens()) {
    String token = tokenizer.nextToken();
    // Process each token
}

// Decimal formatting
DecimalFormat format = DecimalFormatUtil.getDecimalFormat("###,###.00");
```

### Exception Handling
```java
import org.codelibs.core.exception.*;

Если токен недействителен, то сразу же верните HTTP-ошибку.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Обновление *операции пути* `/token` { #update-the-token-path-operation }

Создайте `timedelta` со временем истечения срока действия токена.

Создайте реальный токен доступа JWT и верните его

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

    }
  }

  /** See https://api.slack.com/methods/rtm.start. */
  public RtmStartResponse rtmStart(String accessToken) throws IOException {
    HttpUrl url = baseUrl.newBuilder("rtm.start")
        .addQueryParameter("token", accessToken)
        .build();
    Request request = new Request.Builder()
        .url(url)
        .build();
    Call call = httpClient.newCall(request);
    try (Response response = call.execute()) {

# Length of API access token.
api.access.token.length=60
# Whether API access token is required.
api.access.token.required=false
# API access token request parameter.
api.access.token.request.parameter=
# Permissions for API admin access.
api.admin.access.permissions=Radmin-api
# Accepted referers for API search.

                        tokStarted = true;
                        tokBuf.append(tok.trim());
                        break;
                }
            }

            // Handle case where end of token stream and
            // still got data
            if ((!exit) && (tokStarted)) {
                retVal = tokBuf.toString();
            }
        }

        return optional ? "?" + retVal : retVal;

By default this plugin uses HTTP 1.x. To enable HTTP2 use the `MINIO_POLICY_PLUGIN_ENABLE_HTTP2` environment variable.

## Request and Response

MinIO will make a `POST` request with a JSON body to the given plugin URL. If the auth token parameter is set, it will be sent as an authorization header.

The JSON body structure can be seen from this sample:

<details><summary>Request Body Sample</summary>

```json
{
  "input": {