/**
     * Initializes the security context with the given token.
     * @param token the input token bytes
     * @param offset offset into the token array
     * @param len length of token data
     * @return the output token bytes
     * @throws SmbException if an error occurs during context initialization
     */
    public byte[] initSecContext(byte[] token, final int offset, final int len) throws SmbException {

        String token = JsonPath.from(response).get("response.setting.token");
        checkGetMethod(requestBody, ITEM_ENDPOINT_SUFFIX + "/" + id).then()
                .body("response." + ITEM_ENDPOINT_SUFFIX + ".name", equalTo(name))
                .body("response." + ITEM_ENDPOINT_SUFFIX + ".token", equalTo(token));
    }

    @Test
    void crudTest() {
        testCreate();

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

Se ele não ver o header de `Autorização` ou o valor não tem um token `Bearer`, vai responder com um código de erro  401 (`UNAUTHORIZED`) diretamente.

Você nem precisa verificar se o token existe para retornar um erro. Você pode ter certeza de que se a sua função for executada, ela terá um `str` nesse token.

    @ValidateTypeFailure
    public Integer crudMode;

    /** Token (word) to be added to the dictionary */
    @Required
    @Size(max = 1000)
    public String token;

    /** Segmentation information for the token */
    @Required
    @Size(max = 1000)
    public String segmentation;

    /** Reading (pronunciation) of the token in katakana */
    @Required
    @Size(max = 1000)
    public String reading;

Si no ve un header `Authorization`, o el valor no tiene un token `Bearer `, responderá directamente con un error de código de estado 401 (`UNAUTHORIZED`).

Ni siquiera tienes que verificar si el token existe para devolver un error. Puedes estar seguro de que si tu función se ejecuta, tendrá un `str` en ese token.

Puedes probarlo ya en los docs interactivos:

	// Create a custom split function by wrapping the existing ScanWords function.
	split := func(data []byte, atEOF bool) (advance int, token []byte, err error) {
		advance, token, err = bufio.ScanWords(data, atEOF)
		if err == nil && token != nil {
			_, err = strconv.ParseInt(string(token), 10, 32)
		}
		return
	}
	// Set the split function for the scanning operation.
	scanner.Split(split)
	// Validate the input

Update `get_current_user` to receive the same token as before, but this time, using JWT tokens.

Decode the received token, verify it, and return the current user.

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

	// Text returns the original string representation of the token.
	Text() string
	// File reports the source file name of the token.
	File() string
	// Base reports the position base of the token.
	Base() *src.PosBase
	// SetBase sets the position base.
	SetBase(*src.PosBase)
	// Line reports the source line number of the token.
	Line() int
	// Col reports the source column number of the token.
	Col() int

{* ../../docs_src/security/tutorial001.py hl[6] *}

/// tip

📥 `tokenUrl="token"` 🔗 ⚖ 📛 `token` 👈 👥 🚫 ✍. ⚫️ ⚖ 📛, ⚫️ 🌓 `./token`.

↩️ 👥 ⚙️ ⚖ 📛, 🚥 👆 🛠️ 🔎 `https://example.com/`, ⤴️ ⚫️ 🔜 🔗 `https://example.com/token`. ✋️ 🚥 👆 🛠️ 🔎 `https://example.com/api/v1/`, ⤴️ ⚫️ 🔜 🔗 `https://example.com/api/v1/token`.