public WebAuthenticationConfig getWebAuthenticationConfig() {
        if (StringUtil.isEmpty(getUsername())) {
            throw new CrawlerSystemException(
                    "Username is empty in WebAuthentication configuration. A valid username must be provided for authentication.");
        }

        final WebAuthenticationConfig config = new WebAuthenticationConfig();

    }

    @ParameterizedTest
    @DisplayName("Test valid usernames")
    @ValueSource(strings = { "user", "user123", "user.name", "user-name", "user_name", "******@****.***" })
    void testValidUsernames(String username) {
        assertDoesNotThrow(() -> InputValidator.validateUsername(username));
    }

    @ParameterizedTest
    @DisplayName("Test invalid usernames")
    @ValueSource(strings = { "user name", // space

OAuth2 的設計讓後端或 API 可以獨立於執行使用者驗證的伺服器。

但在這個例子中，同一個 FastAPI 應用會同時處理 API 與驗證。

簡化來看流程如下：

- 使用者在前端輸入 `username` 與 `password`，按下 `Enter`。
- 前端（在使用者的瀏覽器中執行）把 `username` 與 `password` 傳到我們 API 的特定 URL（在程式中宣告為 `tokenUrl="token"`）。
- API 檢查 `username` 與 `password`，並回傳一個「token（權杖）」（我們還沒實作這部分）。
    - 「token（權杖）」就是一段字串，之後可用來識別並驗證此使用者。
    - 通常 token 會設定一段時間後失效。
        - 因此使用者之後需要重新登入。

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

We verify that we get a `username`, and extract the scopes.

        raise


@app.get("/items/{item_id}")
def get_item(item_id: str, username: str = Depends(get_username)):
    if item_id == "portal-gun":
        raise InternalError(
            f"The portal gun is too dangerous to be owned by {username}"
        )
    if item_id != "plumbus":
        raise HTTPException(

        raise


@app.get("/items/{item_id}")
def get_item(item_id: str, username: Annotated[str, Depends(get_username)]):
    if item_id == "portal-gun":
        raise InternalError(
            f"The portal gun is too dangerous to be owned by {username}"
        )
    if item_id != "plumbus":
        raise HTTPException(

@app.get("/items/")
async def read_items():
    return [{"item": "Portal Gun"}, {"item": "Plumbus"}]


@app.get("/users/")
async def read_users():

  static final class BasicAuthInterceptor implements Interceptor {
    private final String credentials;
    private final String host;

    BasicAuthInterceptor(String host, String username, String password) {
      this.credentials = Credentials.basic(username, password);
      this.host = host;
    }

    @Override public Response intercept(Chain chain) throws IOException {
      Request request = chain.request();

		}
	}

	return nil
}

func (driver *ftpDriver) CheckPasswd(c *ftp.Context, username, password string) (ok bool, err error) {
	stopFn := globalFtpMetrics.log(c, username)
	defer stopFn(0, err)

	if globalIAMSys.LDAPConfig.Enabled() {
		sa, _, err := globalIAMSys.getServiceAccount(context.Background(), username)
		if err != nil && !errors.Is(err, errNoSuchServiceAccount) {
			return false, err
		}

					<property name="updateCommand">[
					"/usr/sbin/htpasswd",
					"-b",
					"/tmp/test.txt",
					"$USERNAME",
					"$PASSWORD"
					]</property>
					<property name="deleteCommand">[
					"/usr/sbin/htpasswd",
					"-D",
					"/tmp/test.txt",
					"$USERNAME"
					]</property>
					<property name="targetUsers">[
					"admin"
					]</property>
				</component>
			</arg>