}

        return currentCount <= maxEventsPerWindow;
    }

    private void cleanupOldRateLimitCounters(long currentWindow) {
        // Clean up counters from previous windows to prevent memory leaks
        rateLimitCounters.entrySet().removeIf(entry -> {
            String key = entry.getKey();
            int lastUnderscore = key.lastIndexOf('_');
            if (lastUnderscore > 0) {

        LogStream.setInstance(testStream);
        LogStream instance2 = LogStream.getInstance();
        assertNotNull(instance2);

        // Should be different instances since setInstance replaces the previous one
        assertNotSame(instance1, instance2);
        // Getting instance again should return the same as instance2
        assertSame(instance2, LogStream.getInstance());
    }

    @Test

# Simple OAuth2 with Password and Bearer { #simple-oauth2-with-password-and-bearer }

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

    AtomicBoolean setUpRan = new AtomicBoolean();
    Runnable setUp =
        new Runnable() {
          @Override
          public void run() {
            assertFalse("previous tearDown should have run before setUp", setUpRan.getAndSet(true));
          }
        };
    Runnable tearDown =
        new Runnable() {
          @Override
          public void run() {

This is the basic idea. But you will probably want to take care of some additional things, like:

* Security - HTTPS
* Running on startup
* Restarts
* Replication (the number of processes running)
* Memory
* Previous steps before starting

    // correct.
    this.state.markReady();
  }

  /**
   * Registers a {@link Listener} to be {@linkplain Executor#execute executed} on the given
   * executor. The listener will not have previous state changes replayed, so it is suggested that
   * listeners are added before any of the managed services are {@linkplain Service#startAsync
   * started}.
   *

        @Override
        public Integer next(Integer value) {
          return integers().next(value);
        }

        @Override
        public Integer previous(Integer value) {
          return integers().previous(value);
        }

        @Override
        public long distance(Integer start, Integer end) {
          return integers().distance(start, end);
        }
      };

        fileInternalInfo.decode(buffer1, 0, buffer1.length);
        assertEquals(indexNumber1, fileInternalInfo.getIndexNumber());

        // Second decode - should overwrite previous value
        byte[] buffer2 = new byte[8];
        long indexNumber2 = 0x2222222222222222L;
        SMBUtil.writeInt8(indexNumber2, buffer2, 0);
        fileInternalInfo.decode(buffer2, 0, buffer2.length);

# Extra Models { #extra-models }

Continuing with the previous example, it will be common to have more than one related model.

This is especially the case for user models, because:

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

`chain.proceed(request)` is a critical part of each interceptor’s implementation. This simple-looking method is where all the HTTP work happens, producing a response to satisfy the request. If `chain.proceed(request)` is being called more than once previous response bodies must be closed.

Interceptors can be chained. Suppose you have both a compressing interceptor and a checksumming interceptor: you'll need to decide whether data is compressed and then checksummed, or checksummed and then compressed....