@DisplayName("Test sensitive data masking")
    void testSensitiveDataMasking() {
        logger.setSensitiveDataMaskingEnabled(true);

        Map<String, Object> context = new HashMap<>();
        context.put("password", "secretpassword123");
        context.put("sessionId", "abc123def456");
        context.put("username", "******@****.***");

/// tip

This is how you would handle **passwords**. Receive them, but don't return them in the API.

You would also **hash** the values of the passwords before storing them, **never store them in plain text**.

///

The fields of `HeroCreate` are:

* `name`
* `age`
* `secret_name`

그리고 이 수천 개의 *경로 작동*은 모두 3줄 정도로 줄일 수 있습니다.

{* ../../docs_src/security/tutorial002.py hl[30:32] *}

## 요약

이제 *경로 작동 함수*에서 현재 사용자를 직접 가져올 수 있습니다.

우리는 이미 이들 사이에 있습니다.

사용자/클라이언트가 실제로 `username`과 `password`를 보내려면 *경로 작동*을 추가하기만 하면 됩니다.

	// }

	// Fill the login form with our test creds:
	// fmt.Printf("login form url: %s\n", lastReq.URL.String())
	formData := url.Values{}
	formData.Set("login", username)
	formData.Set("password", password)
	req, err = http.NewRequestWithContext(ctx, http.MethodPost, lastReq.URL.String(), strings.NewReader(formData.Encode()))
	if err != nil {
		return "", fmt.Errorf("new request err (/login): %v", err)
	}

        public boolean authenticate(HttpServletResponse response) throws IOException, ServletException {
            return false;
        }

        @Override
        public void login(String username, String password) throws ServletException {
        }

        @Override
        public void logout() throws ServletException {
        }

        @Override

    // List<Authentication> basicAuthList = new ArrayList<Authentication>();
    // basicAuthList.add(new AuthenticationImpl(
    // new AuthScope("www.hoge.com", 80),
    // new UsernamePasswordCredentials("username", "password"),
    // digestScheme));
    // paramMap.put(
    // HcHttpClient.AUTHENTICATIONS_PROPERTY,
    // basicAuthList.toArray(new Authentication[basicAuthList.size()]));
    //

        * ویژگی `implicit`
        * ویژگی `clientCredentials`
        * ویژگی `authorizationCode`
    * اما یک "flow" خاص وجود دارد که می‌تواند به طور کامل برای مدیریت احراز هویت در همان برنامه به کار رود:
        * بررسی `password`: چند فصل بعدی به مثال‌های این مورد خواهیم پرداخت.
* شیوه `openIdConnect`: یک روش برای تعریف نحوه کشف داده‌های احراز هویت OAuth2 به صورت خودکار.
    * کشف خودکار این موضوع را که در مشخصه OpenID Connect تعریف شده است، مشخص می‌کند.

        this.keyStorePassword = null;
    }

    /**
     * Create a secure key manager with KeyStore support
     *
     * @param keyStore the KeyStore to use for key storage
     * @param keyStorePassword password for the KeyStore
     */
    public SecureKeyManager(KeyStore keyStore, char[] keyStorePassword) {
        this.keyStore = keyStore;
        this.keyStorePassword = keyStorePassword != null ? keyStorePassword.clone() : null;

        ntlmServlet.init(servletConfig);
        setupMocksForAuth();

        byte[] challenge = new byte[8];
        NtlmPasswordAuthentication ntlmAuth = new NtlmPasswordAuthentication(cifsContext, "TEST_DOMAIN", "user", "password");

        try (MockedStatic<NtlmSsp> ntlmSspMock = Mockito.mockStatic(NtlmSsp.class)) {
            ntlmSspMock.when(() -> NtlmSsp.authenticate(any(), any(), any(), any())).thenReturn(ntlmAuth);

        fi
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            wget "$jarUrl" -O "$wrapperJarPath"
        else
            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
        fi
    elif command -v curl > /dev/null; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Found curl ... using curl"
        fi