* A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, Twitter, GitHub, etc):

    public static final String NUM_OF_THREADS = "numOfThreads";

    public static final String BASIC = "BASIC";

    public static final String DIGEST = "DIGEST";

    public static final String NTLM = "NTLM";

    public static final String FORM = "FORM";

    public static final String SAMBA = "SAMBA";

    public static final String FTP = "FTP";

        bufferIndex += 4;
        this.server.serverTime = SMBUtil.readTime(buffer, bufferIndex);
        bufferIndex += 8;
        int tzOffset = SMBUtil.readInt2(buffer, bufferIndex);
        // tzOffset is signed!
        if ( tzOffset > Short.MAX_VALUE ) {
            tzOffset = -1 * ( 65536 - tzOffset );
        }
        this.server.serverTimeZone = tzOffset;
        bufferIndex += 2;

        }
        for (varyField in value.split(',')) {
          result.add(varyField.trim())
        }
      }
      return result ?: emptySet()
    }

    /**
     * Returns the subset of the headers in this's request that impact the content of this's body.
     */
    fun Response.varyHeaders(): Headers {
      // Use the request headers sent over the network, since that's what the response varies on.

              <location>https://docs.oracle.com/javase/9/docs/api/</location>
            </offlineLink>
            <!-- The Checker Framework likewise would claim javax.annotations, despite providing only a subset of the JSR305 annotations, so it must likewise come after JSR305. -->
            <offlineLink>
              <url>https://checkerframework.org/api/</url>

    assertEquals(Sets.<@Nullable String>newHashSet(null, "tree"), keySet.headSet("yahoo"));
    assertEquals(newHashSet("google"), keySet.tailSet("yahoo"));
    assertEquals(newHashSet("tree"), keySet.subSet("ask", "yahoo"));
  }

  @GwtIncompatible // SerializableTester
  public void testExplicitComparatorSerialization() {
    TreeMultimap<@Nullable String, @Nullable Integer> multimap = createPopulate();

* `apiKey`：一个特定于应用程序的密钥，可以来自：
    * 查询参数。
    * 请求头。
    * cookie。
* `http`：标准的 HTTP 身份认证系统，包括：
    * `bearer`: 一个值为 `Bearer` 加令牌字符串的 `Authorization` 请求头。这是从 OAuth2 继承的。
    * HTTP Basic 认证方式。
    * HTTP Digest，等等。
* `oauth2`：所有的 OAuth2 处理安全性的方式（称为「流程」）。
    *以下几种流程适合构建 OAuth 2.0 身份认证的提供者（例如 Google，Facebook，Twitter，GitHub 等）：
        * `implicit`
        * `clientCredentials`
        * `authorizationCode`

     * @see jcifs.util.transport.Response#isError()
     */
    @Override
    public final boolean isError () {
        return this.error;
    }


    /**
     * @return whether the packet has been signed.
     */
    public boolean isSigned () {
        return ( getFlags() & SMB2_FLAGS_SIGNED ) != 0;
    }


    /**
     * {@inheritDoc}
     *

  private static long fingerprint(byte[] bytes) {
    return fingerprint(bytes, bytes.length);
  }

  /** Convenience method to compute a fingerprint on a subset of a byte array. */
  private static long fingerprint(byte[] bytes, int length) {
    return HASH_FN.hashBytes(bytes, 0, length).asLong();
  }

  /**

 * signed versions of methods for which signedness is an issue.
 *
 * <p>In addition, this class provides several static methods for converting an {@code int} to a
 * {@code String} and a {@code String} to an {@code int} that treat the {@code int} as an unsigned
 * number.
 *
 * <p>Users of these utilities must be <i>extremely careful</i> not to mix up signed and unsigned