*    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */
  open fun isOneShot(): Boolean = commonIsOneShot()

                        etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                        kvno: 5
                        cipher: 508c1fb7944c336ead0edf4536ba1ecf7102923d9dc9e0ab1d5c73d0d3bb4ca6a1120cdd…
                authenticator
                    etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                    cipher: e24ff60648505a37d583d77e20a845158b7cfe8c652ab16d0eeeb4c8700370e5d640bbdd…

         */

     |
    <server>
      <id>deploymentRepo</id>
      <username>repouser</username>
      <password>repopwd</password>
    </server>
    -->

    <!-- Another sample, using keys to authenticate.
    <server>
      <id>siteServer</id>
      <privateKey>/path/to/private/key</privateKey>
      <passphrase>optional; leave empty if not used.</passphrase>
    </server>
    -->
  </servers>

	GlobalStaleUploadsCleanupInterval = time.Hour * 6 // 6 hrs.

	// Refresh interval to update in-memory iam config cache.
	globalRefreshIAMInterval = 10 * time.Minute

	// Limit of location constraint XML for unauthenticated PUT bucket operations.
	maxLocationConstraintSize = 3 * humanize.MiByte

	// Maximum size of default bucket encryption configuration allowed
	maxBucketSSEConfigSize = 1 * humanize.MiByte

            }
        }

        formSchemeList.forEach(p -> {
            final FormScheme scheme = p.getFirst();
            final Credentials credentials = p.getSecond();
            scheme.authenticate(credentials, (request, consumer) -> {

                // request header
                for (final Header header : requestHeaderList) {
                    request.addHeader(header);
                }

        .tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2, TlsVersion.TLS_1_1, TlsVersion.TLS_1_0)
        .supportsTlsExtensions(true)
        .build()

    /** Unencrypted, unauthenticated connections for `http:` URLs. */
    @JvmField
    val CLEARTEXT = Builder(false).build()
  }

                throws SmbException, UnknownHostException {
        SmbTransport trans = SmbTransport.getSmbTransport( dc, port );
        trans.connect();
        return trans.server.encryptionKey;
    }
/**
 * Authenticate arbitrary credentials represented by the
 * <tt>NtlmPasswordAuthentication</tt> object against the domain controller
 * specified by the <tt>UniAddress</tt> parameter. If the credentials are

                proxy = new Proxy(Type.HTTP, addr);
                if (StringUtil.isNotBlank(getHttpProxyUsername())) {
                    Authenticator.setDefault(new Authenticator() {
                        @Override
                        protected PasswordAuthentication getPasswordAuthentication() {

    bytesIn.writeByte(0x7d) // == Literal indexed ==
    // Indexed name (idx = 60) -> "www-authenticate"
    bytesIn.writeByte(0x05) // Literal value (len = 5)
    bytesIn.writeUtf8("Basic")
    hpackReader!!.readHeaders()
    assertThat(hpackReader!!.getAndResetHeaderList())
      .containsExactly(Header("www-authenticate", "Basic"))
  }

  @Test
  fun readLiteralHeaderWithIncrementalIndexingDynamicName() {

（类 `SecurityScopes` 的）`security_scopes` 对象还提供了单字符串类型的属性 `scope_str`，该属性是（要在本例中使用的）用空格分割的作用域。

此处还创建了后续代码中要复用（`raise`）的 `HTTPException` 。

该异常包含了作用域所需的（如有），以空格分割的字符串（使用 `scope_str`）。该字符串要放到包含作用域的 `WWW-Authenticate` 请求头中（这也是规范的要求）。

```Python hl_lines="105  107-115"
{!../../docs_src/security/tutorial005.py!}
```

## 校验 `username` 与数据形状

我们可以校验是否获取了 `username`，并抽取作用域。