import com.google.common.testing.NullPointerTester;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import junit.framework.TestCase;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;

/**
 * Tests for the MacHashFunction.
 *

 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac.kerberos;

import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;

import jcifs.pac.PACDecodingException;
import jcifs.pac.Pac;

/**
 * Kerberos authorization data containing PAC (Privilege Attribute Certificate) information.
 */

 *
 * <p>Key features include:</p>
 * <ul>
 *   <li>Password encryption and decryption</li>
 *   <li>Master password management</li>
 *   <li>Security settings configuration</li>
 * </ul>
 *
 * @see org.apache.maven.api.cli.Tools#MVNENC_CMD
 * @see org.apache.maven.api.cli.Tools#MVNENC_NAME
 * @since 4.0.0
 */

import org.lastaflute.core.direction.CachedFwAssistantDirector;
import org.lastaflute.core.direction.FwAssistDirection;
import org.lastaflute.core.direction.FwCoreDirection;
import org.lastaflute.core.security.InvertibleCryptographer;
import org.lastaflute.core.security.OneWayCryptographer;
import org.lastaflute.db.dbflute.classification.ListedClassificationProvider;
import org.lastaflute.db.direction.FwDbDirection;
import org.lastaflute.web.direction.FwWebDirection;

# Настройка авторизации { #security }

Существует множество способов обеспечения безопасности, аутентификации и авторизации.

Обычно эта тема является достаточно сложной и трудной.

Во многих фреймворках и системах только работа с определением доступов к приложению и аутентификацией требует значительных затрат усилий и написания множества кода (во многих случаях его объём может составлять более 50% от всего написанного кода).

import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.security.MessageDigest;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.junit.jupiter.api.DisplayName;

import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;

import java.util.HashMap;
import java.util.Map;

import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

    /**
     * Sent by the server to indicate that the server and client are
     * on the same machine. This implies that the server will include
     * a local security context handle in the Type 2 message, for
     * use in local authentication.
     */
    int NTLMSSP_NEGOTIATE_LOCAL_CALL = 0x00004000;

    /**
     * Indicates that authenticated communication between the client

an application (for example, on mobile devices) that requests temporary security credentials without including MinIO long lasting credentials in the application. Instead, the identity of the caller is validated by using a JWT id_token from the web identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the...

새 액세스 토큰을 생성하기 위한 유틸리티 함수를 생성합니다.

{* ../../docs_src/security/tutorial004_an_py310.py hl[4,7,13:15,29:31,79:87] *}

## 의존성 수정

`get_current_user` 함수를 이전과 동일한 토큰을 받도록 수정하되, 이번에는 JWT 토큰을 사용하도록 합니다.

받은 토큰을 디코딩하여 검증한 후 현재 사용자를 반환합니다.

토큰이 유효하지 않다면 HTTP 오류를 반환합니다.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## `/token` 경로 작업 수정