*/
  @Throws(IOException::class)
  fun authenticate(
    route: Route?,
    response: Response,
  ): Request?

  companion object {
    /** An authenticator that knows no credentials and makes no attempt to authenticate. */
    @JvmField
    val NONE: Authenticator = AuthenticatorNone()

    private class AuthenticatorNone : Authenticator {
      override fun authenticate(

      </execution>
    </executions>
  </plugin>
  .
  .
  .
</plugins>

* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

## Multiple models { #multiple-models }

#*    *##elseif ( $license.name == "CDDL + GPLv2 with classpath exception" )
#*      *##set ( $spdx = 'CDDL+GPLv2-with-classpath-exception' )
#*    *##else
#*      *### unrecognized license will require analysis to know obligations
#*      *##set ( $spdx = $license )
#*    *##end
#*    *###
#*    *### fix project urls that are wrong in pom
#*    *##if ( $project.url.startsWith( "http://www.eclipse.org/sisu/" ) )

You have *path operations* for:

* `/items/`
* `/items/{item_id}`

It's all the same structure as with `app/routers/users.py`.

But we want to be smarter and simplify the code a bit.

We know all the *path operations* in this module have the same:

* Path `prefix`: `/items`.
* `tags`: (just one tag: `items`).
* Extra `responses`.
* `dependencies`: they all need that `X-Token` dependency we created.

///

## OpenAPI and API docs { #openapi-and-api-docs }

If you return additional status codes and responses directly, they won't be included in the OpenAPI schema (the API docs), because FastAPI doesn't have a way to know beforehand what you are going to return.

    // by the POM builder because they will have to be defined in plugin management. Once this is setComplete then it
    // can be passed back so that the default configuration information can be populated.
    //
    // We need to know the specific version so that we can look up the right version of the plugin descriptor
    // which tells us what the default configuration is.
    //

    /**

## Pin your `fastapi` version { #pin-your-fastapi-version }

The first thing you should do is to "pin" the version of **FastAPI** you are using to the specific latest version that you know works correctly for your application.

For example, let's say you are using version `0.112.0` in your app.

If you use a `requirements.txt` file you could specify the version with:

```txt
fastapi[standard]==0.112.0

 * Self-signed Signature: 799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f...
 * ```
 *
 * In this example the HTTP client already knows and trusts the last certificate, "Entrust Root
 * Certification Authority - G2". That certificate is used to verify the signature of the
 * intermediate certificate, "Entrust Certification Authority - L1M". The intermediate certificate

         */
        LIFECYCLE,
    }

    private Source source = Source.LIFECYCLE;

    /**
     * The phase may or may not have been bound to a phase but once the plan has been calculated we know what phase
     * this mojo execution is going to run in.
     */
    private String lifecyclePhase;

    /**