But first, let's check some small concepts.

## In a hurry? { #in-a-hurry }

If you don't care about any of these terms and you just need to add security with authentication based on username and password *right now*, skip to the next chapters.

## OAuth2 { #oauth2 }

OAuth2 is a specification that defines several ways to handle authentication and authorization.

        });
    }

    /**
     * Changes the password for a user in the LDAP directory.
     *
     * @param username the username of the user
     * @param password the new password
     * @return true if the password was changed successfully, false otherwise
     */
    public boolean changePassword(final String username, final String password) {
        if (!fessConfig.isLdapAdminEnabled(username)) {

        val credentialHeader = if (proxyAuthorization) "Proxy-Authorization" else "Authorization"
        val credential =
          Credentials.basic(
            auth.userName,
            String(auth.password),
            challenge.charset,
          )
        return request
          .newBuilder()
          .header(credentialHeader, credential)
          .build()
      }
    }

            adduser --quiet \
                    --system \
                    --no-create-home \
                    --ingroup "$FESS_GROUP" \
                    --disabled-password \
                    --shell /bin/false \
                    --home "$FESS_USER_HOME"  \
                    "$FESS_USER"
            echo " OK"
        fi
    ;;
    abort-deconfigure|abort-upgrade|abort-remove)

## Über Integrationen von Drittanbietern

In diesem Beispiel verwenden wir den OAuth2-Flow „Password“.

Das ist angemessen, wenn wir uns bei unserer eigenen Anwendung anmelden, wahrscheinlich mit unserem eigenen Frontend.

Weil wir darauf vertrauen können, dass es den `username` und das `password` erhält, welche wir kontrollieren.

  }

  @Test
  fun decodePassword() {
    assertThat(parse("http://user:password@host/").password).isEqualTo("password")
    assertThat(parse("http://user:@host/").password).isEqualTo("")
    assertThat(parse("http://user:%F0%9F%8D%A9@host/").password)
      .isEqualTo("\uD83C\uDF69")
  }

  @Test
  fun decodeSlashCharacterInDecodedPathSegment() {

    },

    PASSWORD {
      override fun urlString(value: String): String = "http://:$******@****.***/"

      override fun encodedValue(url: HttpUrl): String = url.encodedPassword

      override operator fun set(
        builder: HttpUrl.Builder,
        value: String,
      ) {
        builder.password(value)
      }

    val encodedUsername: String = httpUrl.encodedUsername()
    val username: String = httpUrl.username()
    val encodedPassword: String = httpUrl.encodedPassword()
    val password: String = httpUrl.password()
    val host: String = httpUrl.host()
    val port: Int = httpUrl.port()
    val pathSize: Int = httpUrl.pathSize()
    val encodedPath: String = httpUrl.encodedPath()

     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",
            "The client does not have the necessary access rights to perform the requested function.", "Access is denied.",

     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",
            "The client does not have the necessary access rights to perform the requested function.", "Access is denied.",