}

  @Test
  fun toUriWithUsernameNoPassword() {
    val httpUrl =
      HttpUrl
        .Builder()
        .scheme("http")
        .username("user")
        .host("host")
        .build()
    assertThat(httpUrl.toString()).isEqualTo("http://user@host/")
    assertThat(httpUrl.toUri().toString()).isEqualTo("http://user@host/")
  }

  @Test

    private Date kickOffTime;
    private Date pwdLastChangeTime;
    private Date pwdCanChangeTime;
    private Date pwdMustChangeTime;
    private short logonCount;
    private short badPasswordCount;
    private String userName;
    private String userDisplayName;
    private String logonScript;
    private String profilePath;
    private String homeDirectory;
    private String homeDrive;
    private String serverName;

     * @param domain
     *            domain for NTLM fallback
     * @param username
     *            user for NTLM fallback
     * @param password
     *            password for NTLM fallback
     */
    public Kerb5Authenticator(Subject subject, String domain, String username, String password) {
        super(domain, username, password);
        this.canFallback = true;
        this.subject = subject;
    }

                                        <th><la:message
                                                key="labels.webauth_username"/></th>
                                        <td>${f:h(username)}<la:hidden property="username"/></td>
                                    </tr>
                                    <tr>
                                        <th><la:message

## `Form`のパラメータの定義

`Body`や`Query`の場合と同じようにフォームパラメータを作成します:

{* ../../docs_src/request_forms/tutorial001.py hl[7] *}

例えば、OAuth2仕様が使用できる方法の１つ（「パスワードフロー」と呼ばれる）では、フォームフィールドとして`username`と`password`を送信する必要があります。

<abbr title="仕様">仕様</abbr>では、フィールドの名前が`username`と`password`であることと、JSONではなくフォームフィールドとして送信されることを要求しています。

`Form`では`Body`（および`Query`や`Path`、`Cookie`）と同じメタデータとバリデーションを宣言することができます。

/// info | 情報

`Form`は`Body`を直接継承するクラスです。

```JSON
{
    "item": {
        "name": "Foo",
        "description": "The pretender",
        "price": 42.0,
        "tax": 3.2
    },
    "user": {
        "username": "dave",
        "full_name": "Dave Grohl"
    }
}
```

/// note | Nota

        final String username = systemHelper.getUsername();
        runtime.registerData("username", username);
        runtime.registerData("editableUser", fessLoginAssist.getSavedUserBean().map(FessUserBean::isEditable).orElse(false));
        runtime.registerData("adminUser",
                fessConfig.isAdminUser(username) || fessLoginAssist.getSavedUserBean()

Usando as credenciais:

Username: `johndoe`
Password: `secret`

/// check | Verifique

Observe que em nenhuma parte do código está a senha em texto puro "`secret`", nós temos apenas o hash.

///

<img src="/img/tutorial/security/image08.png">

Chame o endpoint `/users/me/`, você receberá o retorno como:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",

     * Must be in ISO 8601 format: YYYY-MM-DDTHH:MM:SS
     */
    @Pattern(regexp = "[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]")
    public String expires;

    /**
     * The username of the user who created this access token.
     * Maximum length is 1000 characters.
     */
    @Size(max = 1000)
    public String createdBy;

    /**
     * The timestamp when this access token was created.

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verificar el `username` y la forma de los datos

Verificamos que obtenemos un `username`, y extraemos los scopes.