adminRouter.Methods(http.MethodGet).Path(adminVersion + "/healthinfo").
			HandlerFunc(adminMiddleware(adminAPI.HealthInfoHandler))

		// STS Revocation
		adminRouter.Methods(http.MethodPost).Path(adminVersion + "/revoke-tokens/{userProvider}").HandlerFunc(adminMiddleware(adminAPI.RevokeTokens))
	}

	// If none of the routes match add default error handler routes
	adminRouter.NotFoundHandler = httpTraceAll(errorResponseHandler)

     */
    boolean isAllowNTLMFallback();

    /**
     * Property {@code jcifs.smb.useRawNTLM} (boolean, default false)
     *
     * @return whether to use raw NTLMSSP tokens instead of SPNEGO wrapped ones
     * @since 2.1
     */
    boolean isUseRawNTLM();

    /**
     *
     * Property {@code jcifs.smb.client.disablePlainTextPasswords} (boolean, default true)
     *

                    final String msg = e.getMessage();
                    if (StringUtil.isNotEmpty(msg) && msg.contains("index.analyze.max_token_count")) {
                        logger.warn("Failed to parse document (token count exceeded): index={}, message={}", index, msg);
                        return Stream.empty();
                    }
                    throw e;
                }
            }).toArray(SuggestItem[]::new);

Это тот же механизм, когда вы даёте разрешения при входе через Facebook, Google, GitHub и т.д.:

<img src="/img/tutorial/security/image11.png">

## JWT-токены со scopes { #jwt-token-with-scopes }

Теперь измените операцию пути, выдающую токен, чтобы возвращать запрошенные scopes.

labels.purgeUserInfoDay=删除以前的用户日志
labels.reading=阅读
labels.roleTypeIds=角色ID
labels.scriptData=脚本
labels.scriptResult=结果
labels.scriptType=执行方法
labels.segmentation=分段
labels.startTime=开始时间
labels.target=目标
labels.token=令牌
labels.synonymFile=同义词文件
labels.stopwordsFile=停用词文件
labels.stemmerOverrideFile=词干覆盖文件
labels.mappingFile=映射文件
labels.protwordsFile=Protwords文件
labels.kuromojiFile=Kuromoji文件
labels.elevateWordFile=提升词文件

### **Cluster Lifecycle**

*   You must either specify the `--discovery-token-ca-cert-hash` flag to `kubeadm join`, or opt out of the CA pinning feature using `--discovery-token-unsafe-skip-ca-verification`.
*   The default `auto-detect` behavior of the kubelet's `--cloud-provider` flag is removed.

    * kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.

testdata/huffman-zero.wb.expect", "src/compress/flate/testdata/huffman-zero.wb.expect-noinput", "src/compress/flate/testdata/null-long-match.dyn.expect-noinput", "src/compress/flate/testdata/null-long-match.wb.expect-noinput", "src/compress/flate/token.go", "src/compress/flate/writer_test.go", "src/compress/gzip/", "src/compress/gzip/example_test.go", "src/compress/gzip/gunzip.go", "src/compress/gzip/gunzip_test.go", "src/compress/gzip/gzip.go", "src/compress/gzip/gzip_test.go", "src/compress/gz...

labels.reading=읽기
labels.roleTypeIds=역할 ID
labels.scriptData=스크립트
labels.scriptResult=결과
labels.scriptType=실행 방법
labels.segmentation=분할
labels.startTime=시작 시간
labels.target=대상
labels.token=토큰
labels.synonymFile=동의어 파일
labels.stopwordsFile=불용어 파일
labels.stemmerOverrideFile=Stemmer 덮어쓰기 파일
labels.mappingFile=매핑 파일
labels.protwordsFile=Protwords 파일
labels.kuromojiFile=Kuromoji 파일

- Node information is now embedded into Pod-bound service account tokens as additional metadata. The 'JTI' field is set in issued service account tokens, and this information is embedded as `authentication.kubernetes.io/credential-id` in the user's ExtraInfo. ([#123135](https://github.com/kubernetes/kubernetes/pull/123135), [@munnerz](https://github.com/munnerz))...