mc client: 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} 3. mc...

1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} 3. mc...

mc client: 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} 3. mc...

    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse list(final OptionalThing<Integer> pageNumber, final SearchForm form) {
        pageNumber.ifPresent(num -> {
            rolePager.setCurrentPageNumber(pageNumber.get());
        }).orElse(() -> {
            rolePager.setCurrentPageNumber(0);
        });
        return asHtml(path_AdminRole_AdminRoleJsp).renderWith(data -> {
            searchPaging(data, form);
        });
    }

        /**
         * Returns the algorithm end result as string, never {@code null}. After invoking this method, this instance should
         * be discarded and not reused. For new checksum calculation you have to get new instance.
         */
        @Nonnull
        String checksum();
    }

#### A "professional" attack

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

* `allow_methods` - A list of HTTP methods that should be allowed for cross-origin requests. Defaults to `['GET']`. You can use `['*']` to allow all standard methods.

// AuthZPlugin - implements opa policy agent calls.
type AuthZPlugin struct {
	args   Args
	client *http.Client
}

// Enabled returns if AuthZPlugin is enabled.
func Enabled(kvs config.KVS) bool {
	return kvs.Get(URL) != ""
}

// LookupConfig lookup AuthZPlugin from config, override with any ENVs.
func LookupConfig(s config.Config, httpSettings xhttp.ConnSettings, closeRespFn func(io.ReadCloser)) (Args, error) {
	args := Args{}

	m.mu.RUnlock()
	if ok {
		return b.updateCacheEntry(update)
	}

	// We should have either a trashed bucket or this
	return metacache{}, errVolumeNotFound
}

// getBucket will get a bucket metacache or load it from disk if needed.
func (m *metacacheManager) getBucket(ctx context.Context, bucket string) *bucketMetacache {
	m.init.Do(m.initManager)

		reqRecorder := &xhttp.RequestRecorder{Reader: r.Body}
		r.Body = reqRecorder

		// Create tracing data structure and associate it to the request context
		tc := mcontext.TraceCtxt{
			AmzReqID:         w.Header().Get(xhttp.AmzRequestID),
			RequestRecorder:  reqRecorder,
			ResponseRecorder: respRecorder,
		}

		r = r.WithContext(context.WithValue(r.Context(), mcontext.ContextTraceKey, &tc))

		reqStartTime := time.Now().UTC()