# 고급 보안 { #advanced-security }

## 추가 기능 { #additional-features }

[튜토리얼 - 사용자 가이드: 보안](../../tutorial/security/index.md)에서 다룬 내용 외에도, 보안을 처리하기 위한 몇 가지 추가 기능이 있습니다.

/// tip | 팁

다음 섹션들은 **반드시 "고급"이라고 할 수는 없습니다**.

그리고 사용 사례에 따라, 그중 하나에 해결책이 있을 수도 있습니다.

///

## 먼저 튜토리얼 읽기 { #read-the-tutorial-first }

다음 섹션은 주요 [튜토리얼 - 사용자 가이드: 보안](../../tutorial/security/index.md)을 이미 읽었다고 가정합니다.

     * @return The HTML response.
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse index() {
        return asListHtml();
    }

    /**
     * Show the list page.
     * @param pageNumber The page number.
     * @param form The search form.
     * @return The HTML response.
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })

/// info | Технічні деталі

**FastAPI** знатиме, що може використати клас `OAuth2PasswordBearer` (оголошений у залежності), щоб визначити схему безпеки в OpenAPI, тому що він наслідує `fastapi.security.oauth2.OAuth2`, який своєю чергою наслідує `fastapi.security.base.SecurityBase`.

Усі утиліти безпеки, які інтегруються з OpenAPI (і автоматичною документацією API), наслідують `SecurityBase`. Так **FastAPI** розуміє, як інтегрувати їх в OpenAPI.

///

import java.util.List;
import java.util.Map;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.fess.Constants;
import org.codelibs.fess.annotation.Secured;
import org.codelibs.fess.app.pager.KeyMatchPager;
import org.codelibs.fess.app.service.KeyMatchService;
import org.codelibs.fess.app.web.CrudMode;
import org.codelibs.fess.app.web.base.FessAdminAction;

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## 取得使用者 { #get-the-user }

`get_current_user` 會使用我們建立的（假的）工具函式，它接收一個作為 `str` 的 token，並回傳我們的 Pydantic `User` 模型：

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## 注入目前使用者 { #inject-the-current-user }

現在我們可以在*路徑操作*中用相同的 `Depends` 來使用 `get_current_user`：

{* ../../docs_src/security/tutorial002_an_py310.py hl[31] *}

* 导入 `HTTPBasic` 与 `HTTPBasicCredentials`
* 使用 `HTTPBasic` 创建**安全方案**
* 在*路径操作*的依赖项中使用 `security`
* 返回类型为 `HTTPBasicCredentials` 的对象：
    * 包含发送的 `username` 与 `password`

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

第一次打开 URL（或在 API 文档中点击 **Execute** 按钮）时，浏览器要求输入用户名与密码：

<img src="/img/tutorial/security/image12.png">

## 检查用户名 { #check-the-username }

以下是更完整的示例。

使用依赖项检查用户名与密码是否正确。

Since, the client would have the session it can do it by itself.

The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations. The policy applied to these temporary credentials is inherited from the MinIO user credentials. By default, the temporary security credentials created by AssumeRole last for one hour. However, use the optional DurationSeconds...

the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithClientGrants last for one hour. However, use the optional DurationSeconds parameter to specify the duration of the...

        final int negotiateContextOffset = SMBUtil.readInt4(buffer, bufferIndex);
        bufferIndex += 4;

        // Validate security buffer parameters
        if (securityBufferLength < 0 || securityBufferLength > 65536) { // 64KB max for security buffer
            throw new SMBProtocolDecodingException("Invalid security buffer length: " + securityBufferLength + " (must be 0-65536)");
        }
        if (securityBufferOffset < 0) {

        assertNull(response.getSecurityDescriptor());
    }

    @Test
    @DisplayName("Test readDataWireFormat with valid security descriptor")
    void testReadDataWireFormatWithValidSecurityDescriptor() throws Exception {
        // Create a minimal valid security descriptor buffer
        byte[] buffer = createValidSecurityDescriptorBuffer();

        // Set error code to 0
        setErrorCode(response, 0);