if (!lowerData.contains("password") && !lowerData.contains("secret") && !lowerData.contains("token")
                    && !lowerData.contains("key") && !lowerData.contains("credential") && !lowerData.contains("auth")) {
                return data; // No sensitive patterns detected, skip regex
            }
        }

        // Mask passwords and secrets using cached pattern

    private final MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key
     *            The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");

    private MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");
        final int length = Math.min(key.length, BLOCK_LENGTH);

你會看到這樣的介面：

<img src="/img/tutorial/security/image07.png">

用和先前相同的方式授權應用。

使用下列認證資訊：

Username: `johndoe`
Password: `secret`

/// check | 檢查

注意在程式碼中完全沒有明文密碼「`secret`」，我們只有雜湊後的版本。

///

<img src="/img/tutorial/security/image08.png">

呼叫端點 `/users/me/`，你會得到類似這樣的回應：

```JSON
{
  "username": "johndoe",

 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
 *     return response.request().newBuilder()
 *         .header("Proxy-Authorization", "secret")
 *         .build();
 *   }
 * }
 * return null; // Didn't find a preemptive auth scheme.
 * ```
 *
 * ## Reactive Authentication
 *

          message.startsWith("Found resumable session") -> Type.Handshake
          message.startsWith("Resuming session") -> Type.Handshake
          message.startsWith("Using PSK to derive early secret") -> Type.Handshake
          else -> Type.Unknown
        }

    override fun toString(): String =
      if (param != null) {
        message + "\n" + param
      } else {
        message
      }
  }

token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

# callback url specified when the application was defined
callback_uri = "http://localhost:8000/oauth2/callback"

# keycloak id and secret
client_id = 'account'
client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

sts_client = boto3.client(
    'sts',
    region_name='us-east-1',
    use_ssl=False,
    endpoint_url='http://localhost:9000',
)

- Veeam requires TLS connections to the object storage.  This can be configured per <https://docs.min.io/community/minio-object-store/operations/network-encryption.html>
- The S3 bucket, Access Key and Secret Key have to be created before and outside of Veeam.
- Configure the minio client for the Veeam MinIO endpoint - <https://docs.min.io/community/minio-object-store/operations/deployments/baremetal-deploy-minio-on-redhat-linux.html>

        assertEquals("", clientId);
    }

    @Test
    public void test_getOicClientSecret_default() {
        final String secret = authenticator.getOicClientSecret();
        assertEquals("", secret);
    }

    @Test
    public void test_getOicScope_default() {
        final String scope = authenticator.getOicScope();
        assertEquals("", scope);
    }

ret=$?
if [ $ret -ne 0 ]; then
	echo "BUG: expected no missing entries after decommission: $out1"
	exit 1
fi

./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned
./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned-1

kill $pid