// Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

Se ele não ver o header de `Autorização` ou o valor não tem um token `Bearer`, vai responder com um código de erro  401 (`UNAUTHORIZED`) diretamente.

Você nem precisa verificar se o token existe para retornar um erro. Você pode ter certeza de que se a sua função for executada, ela terá um `str` nesse token.

Si no ve un header `Authorization`, o el valor no tiene un token `Bearer `, responderá directamente con un error de código de estado 401 (`UNAUTHORIZED`).

Ni siquiera tienes que verificar si el token existe para devolver un error. Puedes estar seguro de que si tu función se ejecuta, tendrá un `str` en ese token.

Puedes probarlo ya en los docs interactivos:

    /**
     * Constructs KerberosPacAuthData from token bytes.
     *
     * @param token the PAC token bytes
     * @param keys map of Kerberos keys indexed by key type
     * @throws PACDecodingException if PAC decoding fails
     */
    public KerberosPacAuthData(byte[] token, Map<Integer, KerberosKey> keys) throws PACDecodingException {
        this.pac = new Pac(token, keys);
    }

    /**
     * Returns the PAC object.

        String token = JsonPath.from(response).get("response.setting.token");
        checkGetMethod(requestBody, ITEM_ENDPOINT_SUFFIX + "/" + id).then()
                .body("response." + ITEM_ENDPOINT_SUFFIX + ".name", equalTo(name))
                .body("response." + ITEM_ENDPOINT_SUFFIX + ".token", equalTo(token));
    }

    @Test
    void crudTest() {
        testCreate();

    @ValidateTypeFailure
    public Integer crudMode;

    /** Token (word) to be added to the dictionary */
    @Required
    @Size(max = 1000)
    public String token;

    /** Segmentation information for the token */
    @Required
    @Size(max = 1000)
    public String segmentation;

    /** Reading (pronunciation) of the token in katakana */
    @Required
    @Size(max = 1000)
    public String reading;

{* ../../docs_src/security/tutorial001.py hl[6] *}

/// tip

📥 `tokenUrl="token"` 🔗 ⚖ 📛 `token` 👈 👥 🚫 ✍. ⚫️ ⚖ 📛, ⚫️ 🌓 `./token`.

↩️ 👥 ⚙️ ⚖ 📛, 🚥 👆 🛠️ 🔎 `https://example.com/`, ⤴️ ⚫️ 🔜 🔗 `https://example.com/token`. ✋️ 🚥 👆 🛠️ 🔎 `https://example.com/api/v1/`, ⤴️ ⚫️ 🔜 🔗 `https://example.com/api/v1/token`.

/**
 * Represents a Kerberos authentication token.
 */
public class KerberosToken {

    private KerberosApRequest apRequest;

    /**
     * Constructs a KerberosToken from token bytes.
     *
     * @param token the token bytes
     * @throws PACDecodingException if token decoding fails
     */
    public KerberosToken(byte[] token) throws PACDecodingException {
        this(token, null);
    }

    /**

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.exception;

/**
 * Exception thrown when an invalid access token is encountered.
 * This exception is typically used in authentication and authorization contexts
 * where a provided access token is invalid, expired, or malformed.
 */
public class InvalidAccessTokenException extends FessSystemException {

    /** Serial version UID for serialization */

#    notify:
#      endpoint: "https://notify.endpoint" # notification endpoint to receive job status events
#      token: "Bearer xxxxx" # optional authentication token for the notification endpoint
#
#    retry:
#      attempts: 10 # number of retries for the job before giving up
#      delay: "500ms" # least amount of delay between each retry

`