- **Focus**:
  1. Authentication and authorization mechanisms.
  1. Interaction between security components and Istio control plane.
  1. Validation of mutual TLS (mTLS) configurations.
  1. Testing of JWT token validation and RBAC policies.
  1. Validation of certificate management and rotation.
- **Setup**: The main test setup in this folder initializes the Istio control plane with security configurations.

```
export MINIO_LOGGER_WEBHOOK_ENABLE_target1="on"
export MINIO_LOGGER_WEBHOOK_AUTH_TOKEN_target1="token"
export MINIO_LOGGER_WEBHOOK_ENDPOINT_target1=http://localhost:8080/minio/logs
minio server /mnt/data
```

## Audit Targets

### Use cases: external service

An example could be that you have an external authentication provider that you need to call.

You send it a token and it returns an authenticated user.

This provider might be charging you per request, and calling it might take some extra time than if you had a fixed mock user for tests.

👥 🔜 🔌 👉 `APIRouter` 👑 `FastAPI` 📱, ✋️ 🥇, ➡️ ✅ 🔗 & ➕1️⃣ `APIRouter`.

## 🔗

👥 👀 👈 👥 🔜 💪 🔗 ⚙️ 📚 🥉 🈸.

👥 🚮 👫 👫 👍 `dependencies` 🕹 (`app/dependencies.py`).

👥 🔜 🔜 ⚙️ 🙅 🔗 ✍ 🛃 `X-Token` 🎚:

```Python hl_lines="1  4-6" title="app/dependencies.py"
{!../../docs_src/bigger_applications/app/dependencies.py!}
```

/// tip

👥 ⚙️ 💭 🎚 📉 👉 🖼.

import org.apache.maven.model.Model;
import org.apache.maven.model.building.ModelBuildingRequest;
import org.apache.maven.model.building.ModelProblemCollector;

/**
 * Replaces expressions of the form <code>${token}</code> with their effective values. Effective values are basically
 * calculated from the elements of the model itself and the execution properties from the building request.
 *

# OAuth2 实现密码哈希与 Bearer  JWT 令牌验证

至此，我们已经编写了所有安全流，本章学习如何使用 <abbr title="JSON Web Tokens">JWT</abbr> 令牌（Token）和安全密码哈希（Hash）实现真正的安全机制。

本章的示例代码真正实现了在应用的数据库中保存哈希密码等功能。

接下来，我们紧接上一章，继续完善安全机制。

## JWT 简介

JWT 即**JSON 网络令牌**（JSON Web Tokens）。

JWT 是一种将 JSON 对象编码为没有空格，且难以理解的长字符串的标准。JWT 的内容如下所示：

```

	}
}

// recordTypedefs remembers in p.typedefs all the typedefs used in dtypes and its children.
func (p *Package) recordTypedefs(dtype dwarf.Type, pos token.Pos) {
	p.recordTypedefs1(dtype, pos, map[dwarf.Type]bool{})
}

func (p *Package) recordTypedefs1(dtype dwarf.Type, pos token.Pos, visited map[dwarf.Type]bool) {
	if dtype == nil {
		return
	}
	if visited[dtype] {
		return
	}
	visited[dtype] = true

create a presigned URL and serve to the client for each file. Since, the client would have the session it can do it by itself.

The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations. The policy applied to these temporary credentials is inherited from the MinIO user credentials. By default, the temporary security credentials created...

        val request = HttpRequest.newBuilder()
            .uri(URI(uri))
            .apply {
                if (githubToken.isPresent) {
                    header("Authorization", "token ${githubToken.get()}")
                }
            }
            .build()
        val response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString())
        if (response.statusCode() > 399) {

     */
    public static final int NTLMSSP_REQUEST_INIT_RESPONSE = 0x00100000;

    /**
     * ?? According to spec this is NTLMSSP_NEGOTIATE_IDENTIFY
     * 
     * If set, requests an identify level token
     */
    public static final int NTLMSSP_REQUEST_ACCEPT_RESPONSE = 0x00200000;

    /**
     * Requests the usage of the LMOWF
     */