}

    /**
     * Record successful authentication
     *
     * @param username the username
     * @param sourceIp the source IP
     */
    public void recordSuccess(String username, String sourceIp) {
        if (username != null) {
            AccountAttempts account = accountAttempts.get(username);
            if (account != null) {
                account.reset();
            }
        }

                username = username.substring(0, ci);
            } else {
                ci = username.indexOf('\\');
                if (ci > 0) {
                    domain = username.substring(0, ci);
                    username = username.substring(ci + 1);
                }
            }
        }

        this.domain = domain != null ? domain : "";
        this.username = username != null ? username : "";

        String username = "resetuser";
        String ip = "192.168.1.5";

        // Two failures
        assertTrue(rateLimiter.checkAttempt(username, ip));
        rateLimiter.recordFailure(username, ip);

        assertTrue(rateLimiter.checkAttempt(username, ip));
        rateLimiter.recordFailure(username, ip);

        // Success should reset counter
        assertTrue(rateLimiter.checkAttempt(username, ip));

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

            this.domain = domain;
            this.authType = authType;
            this.timestamp = System.currentTimeMillis();
            this.clientAddress = clientAddress;
            this.serverAddress = serverAddress;
        }

        public String getUsername() {
            return username;
        }

        public String getDomain() {
            return domain;
        }

     * @param username the username to authenticate with
     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(String domain, String username, final String password) {
        int ci;

        if (username != null) {
            ci = username.indexOf('@');
            if (ci > 0) {
                domain = username.substring(ci + 1);
                username = username.substring(0, ci);

        assertNotNull(exception);
        assertEquals("User is not found: " + username, exception.getMessage());
        assertNull(exception.getCause());
    }

    public void test_constructor_withUnicodeCharacters() {
        // Test with username containing Unicode characters
        String username = "ユーザー名";
        FessUserNotFoundException exception = new FessUserNotFoundException(username);

                final String username = account.username();
                if (logger.isDebugEnabled()) {
                    logger.debug("homeAccountId:{} username:{}", homeAccountId, username);
                }
                permissionSet.add(systemHelper.getSearchRoleByUser(homeAccountId));
                permissionSet.add(systemHelper.getSearchRoleByUser(username));

                    final String username = paramMap.get(CRAWLER_FILE_AUTH + "." + fileAuthName + ".username");
                    final String password = paramMap.get(CRAWLER_FILE_AUTH + "." + fileAuthName + ".password");

                    if (StringUtil.isEmpty(username)) {
                        logger.warn("username is empty. fileAuth:{}", fileAuthName);
                        continue;

    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

<img src="/img/tutorial/security/image12.png">

## Check the username { #check-the-username }

Here's a more complete example.