callbacks=callback_router4.routes,
    deprecated=True,
)
router4_default = APIRouter()


@app.get(
    "/override1",
    tags=["path1a", "path1b"],
    responses={
        401: {"description": "Client error level 1"},
        501: {"description": "Server error level 1"},
    },
    deprecated=True,
    callbacks=callback_router1.routes,
    dependencies=[Depends(dep1)],

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

///

## 무엇을 하는지 { #what-it-does }

요청에서 `Authorization` 헤더를 찾아, 값이 `Bearer `에 어떤 token이 붙은 형태인지 확인한 뒤, 그 token을 `str`로 반환합니다.

`Authorization` 헤더가 없거나, 값에 `Bearer ` token이 없다면, 곧바로 401 상태 코드 오류(`UNAUTHORIZED`)로 응답합니다.

오류를 반환하기 위해 token이 존재하는지 직접 확인할 필요조차 없습니다. 함수가 실행되었다면 그 token에는 `str`이 들어 있다고 확신할 수 있습니다.

대화형 문서에서 이미 시도해 볼 수 있습니다:

<img src="/img/tutorial/security/image03.png">

If it doesn't see an `Authorization` header, or the value doesn't have a `Bearer ` token, it will respond with a 401 status code error (`UNAUTHORIZED`) directly.

You don't even have to check if the token exists to return an error. You can be sure that if your function is executed, it will have a `str` in that token.

            }

            executor.accept(httpRequest, (response, entity) -> {
                final int httpStatusCode = response.getCode();
                if (httpStatusCode < 400 || httpStatusCode == 401) {
                    parseTokenPage(tokenPattern, responseParams, entity);
                } else {
                    String content;
                    try {

                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake
        int responseCode = ntlmConnection.getResponseCode();

        // Assert - Verify we got the 401 response (simplified test)
        assertEquals(HTTP_UNAUTHORIZED, responseCode);

        // In a real scenario, the connection would reconnect and send Type1/Type3 messages

///

## 它做了什麼 { #what-it-does }

它會從請求中尋找 `Authorization` 標頭，檢查其值是否為 `Bearer ` 加上一段 token，並將該 token 以 `str` 回傳。

若未找到 `Authorization` 標頭，或其值不是 `Bearer ` token，則會直接回傳 401（`UNAUTHORIZED`）錯誤。

你不必再自行檢查 token 是否存在；你可以確信只要你的函式被執行，該 token 參數就一定會是 `str`。

你可以在互動式文件中試試看：

<img src="/img/tutorial/security/image03.png">

我們還沒驗證 token 是否有效，但這已是個開始。

## 小結 { #recap }

///

## 它做了什么 { #what-it-does }

它会在请求中查找 `Authorization` 请求头，检查其值是否为 `Bearer ` 加上一些令牌，并将该令牌作为 `str` 返回。

如果没有 `Authorization` 请求头，或者其值不包含 `Bearer ` 令牌，它会直接返回 401 状态码错误（`UNAUTHORIZED`）。

你甚至无需检查令牌是否存在即可返回错误；只要你的函数被执行，就可以确定会拿到一个 `str` 类型的令牌。

你已经可以在交互式文档中试试了：

<img src="/img/tutorial/security/image03.png">

我们还没有验证令牌是否有效，但这已经是一个良好的开端。

## 小结 { #recap }

            }

            executor.accept(httpRequest, (response, entity) -> {
                final int httpStatusCode = response.getStatusLine().getStatusCode();
                if (httpStatusCode < 400 || httpStatusCode == 401) {
                    parseTokenPage(tokenPattern, responseParams, entity);
                } else {
                    String content;
                    try {

    }

    /**
     * Test case for when the 'Authorization' header is missing.
     * Expects the server to respond with a 'WWW-Authenticate: NTLM' header and a 401 status.
     * @throws IOException
     */
    @Test
    public void testAuthenticate_NoAuthorizationHeader() throws IOException {
        // Setup: No "Authorization" header