k.accessToken = accessToken
	k.Unlock()
	return nil
}

// LookupUser lookup user by their userid.
func (k *KeycloakProvider) LookupUser(userid string) (User, error) {
	req, err := http.NewRequest(http.MethodGet, k.adminURL, nil)
	if err != nil {
		return User{}, err
	}
	req.URL.Path = path.Join(req.URL.Path, "realms", k.realm, "users", userid)

	k.Lock()
	accessToken := k.accessToken
	k.Unlock()

    # o additionalUserMap: (NotRequired - Default map:{})
    #  You can set additional users.
    #  Elements of this map are as below:
    #   o key of map: User Definition Name (userDefName)
    #   o url: (NotRequired - Default same as one of main schema)
    #   o schema: (NotRequired - Default treated as no schema setting)
    #   o user: (Required)
    #   o password: password plainly or path to password file (with default password)

/**
 * Service class for managing related query entities.
 * This service provides operations to retrieve, store, and delete related queries,
 * which are used to suggest alternative search terms to users.
 */
public class RelatedQueryService extends FessAppService {

    /**
     * Default constructor for RelatedQueryService.
     * This constructor is used by the DI container to create an instance of the service.

```json
{
    "user": <string>,
    "maxValiditySeconds": <integer>,
    "claims": <key-value-pairs>
}
```

| Parameter Name     | Value Type                              | Purpose                                                |
|--------------------|-----------------------------------------|--------------------------------------------------------|

            assertEquals("", domain.getAccountName());

            // User in regular domain
            SID user = new SID(buildSidT((byte) 1, ident, 10, 20, 99), jcifs.SID.SID_TYPE_USER, "MYDOM", "alice", false);
            assertEquals("MYDOM", user.getDomainName());
            assertEquals("alice", user.getAccountName());
            assertEquals("MYDOM\\alice", user.toDisplayString());
        }

        @Test

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...

```JSON
{
  "detail": "Not authenticated"
}
```

### 未激活用户

测试未激活用户，输入以下信息，进行身份验证：

用户名：`alice`

密码：`secret2`

然后，执行 `/users/me` 路径的 `GET` 操作。

显示下列**未激活用户**错误信息：

```JSON
{
  "detail": "Inactive user"
}
```

## 小结

使用本章的工具实现基于 `username` 和 `password` 的完整 API 安全系统。

这些工具让安全系统兼容任何数据库、用户及数据模型。

唯一欠缺的是，它仍然不是真的**安全**。