- `HTTPBasic` を使って「`security` スキーム」を作成します。
- その `security` を依存関係として path operation に使用します。
- `HTTPBasicCredentials` 型のオブジェクトが返ります:
    - 送信された `username` と `password` を含みます。

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

URL を最初に開こうとしたとき（またはドキュメントで「Execute」ボタンをクリックしたとき）、ブラウザはユーザー名とパスワードの入力を求めます:

<img src="/img/tutorial/security/image12.png">

## ユーザー名の確認 { #check-the-username }

        // Assert that the serverData fields are populated correctly
        assertEquals(0, response.dialectIndex);
        assertEquals(0x0F, serverData.securityMode);
        assertEquals(0x01, serverData.security);
        assertTrue(serverData.encryptedPasswords);
        assertTrue(serverData.signaturesEnabled);
        assertTrue(serverData.signaturesRequired);
        assertEquals(50, serverData.maxMpxCount);

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing).

///

## Multiple models { #multiple-models }

Here's a general idea of how the models could look like with their password fields and the places where they are used:

  * {{{https://maven.apache.org/guides/mini/guide-mirror-settings.html} Mirror Settings}},

  * {{{https://maven.apache.org/guides/mini/guide-deployment-security-settings.html} Security and Deployment Settings}},

  * {{{https://maven.apache.org/guides/mini/guide-encryption-4.html} Password Encryption}},

 */

package jcifs.smb1.dcerpc.msrpc;

import java.io.IOException;

import jcifs.smb1.dcerpc.DcerpcHandle;
import jcifs.smb1.dcerpc.rpc;
import jcifs.smb1.smb1.SmbException;

/**
 * Handle for Security Account Manager (SAM) domain operations.
 * This class represents an open handle to a SAM domain and provides
 * operations for managing domain users, groups, and aliases.
 */

    private byte[] preauthSalt;

    /**
     * Constructs an SMB2 negotiate request with the specified configuration and security mode.
     *
     * @param config the configuration for this request
     * @param securityMode the security mode flags for negotiation
     */
    public Smb2NegotiateRequest(final Configuration config, final int securityMode) {
        super(config, SMB2_NEGOTIATE);

	if token != "" && cred.AccessKey == "" {
		// x-amz-security-token is not allowed for anonymous access.
		return nil, ErrNoAccessKey
	}

	if token == "" && cred.IsTemp() && !cred.IsServiceAccount() {
		// Temporary credentials should always have x-amz-security-token
		return nil, ErrInvalidToken
	}

	if token != "" && !cred.IsTemp() {
		// x-amz-security-token should not present for static credentials.

Java serialization offers limited control over the serialization process, such as excluding certain fields, customizing naming conventions, and handling complex data structures more gracefully.

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

- **Version Compatibility:**
With Java serialization, even minor changes to a class (like adding a field) can break compatibility.

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

     *
     * @return the server's unique identifier
     */
    public byte[] getServerGuid() {
        return this.serverGuid;
    }

    /**
     * Gets the security mode
     *
     * @return the security mode flags from the server
     */
    public int getSecurityMode() {
        return this.securityMode;
    }

    /**
     * Gets the negotiated SMB dialect
     *