</div>
					</div>
					<div class="input-group mb-3">
						<c:set var="ph_password">
							<la:message key="labels.login.placeholder_password" />
						</c:set>
						<la:password property="password" class="form-control"
							placeholder="${ph_password}" />
						<div class="input-group-append">
							<span class="input-group-text">
								<em class="fa fa-lock fa-fw">
							</span>
						</div>

	// Indicates if the value contains sensitive info that shouldn't be exposed
	// in certain apis (such as Health Diagnostics/Callhome)
	Sensitive bool `json:"-"`

	// Indicates if the value is a secret such as a password that shouldn't be
	// exposed by the server
	Secret bool `json:"-"`

	// Indicates if sub-sys supports multiple targets.
	MultipleTargets bool `json:"multipleTargets"`
}

# OAuth2 com Senha (e hashing), Bearer com tokens JWT { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Agora que temos todo o fluxo de segurança, vamos tornar a aplicação realmente segura, usando tokens <abbr title="JSON Web Tokens">JWT</abbr> e hashing de senhas seguras.

Este código é algo que você pode realmente usar na sua aplicação, salvar os hashes das senhas no seu banco de dados, etc.

Vamos começar de onde paramos no capítulo anterior e incrementá-lo.

Якщо клієнт спробує надіслати додаткові дані, він отримає **відповідь з помилкою**.

Наприклад, якщо клієнт спробує надіслати наступні поля форми:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

Він отримає відповідь із помилкою, яка повідомляє, що поле `extra` не дозволено:

```json
{
    "detail": [
        {
            "type": "extra_forbidden",

    val encodedUsername: String = httpUrl.encodedUsername()
    val username: String = httpUrl.username()
    val encodedPassword: String = httpUrl.encodedPassword()
    val password: String = httpUrl.password()
    val host: String = httpUrl.host()
    val port: Int = httpUrl.port()
    val pathSize: Int = httpUrl.pathSize()
    val encodedPath: String = httpUrl.encodedPath()

  * {{{https://maven.apache.org/guides/mini/guide-deployment-security-settings.html} Security and Deployment Settings}},

  * {{{https://maven.apache.org/guides/mini/guide-encryption-4.html} Password Encryption}},

		// More than maxConfigSize bytes were available
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL)
		return
	}

	password := cred.SecretKey
	configBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
	if err != nil {
		adminLogIf(ctx, err)
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
		return
	}

                        password = new String(auth.getPassword());
                    } catch (final Exception ex) {
                        log.debug("Interactive authentication failed", ex);
                    }
                }
                final Type2Message type2 = (Type2Message) message;
                message = new Type3Message(this.transportContext, type2, null, password, domain, user,

)

// Provider implements identity provider specific admin operations, such as
// looking up users, fetching additional attributes etc.
type Provider interface {
	LoginWithUser(username, password string) error
	LoginWithClientID(clientID, clientSecret string) error
	LookupUser(userid string) (User, error)

                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {
                    index = user.indexOf('/');
                }