<la:form styleId="login" method="post">
					<div class="input-group mb-3">
						<c:set var="ph_username">
							<la:message key="labels.login.placeholder_username" />
						</c:set>
						<la:text property="username" styleId="username"
							class="form-control" placeholder="${ph_username}" />
						<div class="input-group-append">
							<span class="input-group-text">
								<em class="fa fa-user fa-fw">
            				</span>

                .put("http.heartbeat_interval", fessConfig.getFesenHeartbeatInterval());
        final String username = fessConfig.getFesenUsername();
        final String password = fessConfig.getFesenPassword();
        if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
            builder.put(Constants.FESEN_USERNAME, username);
            builder.put(Constants.FESEN_PASSWORD, password);
        }

## Pegue o `username` (nome de usuário) e `password` (senha)

É utilizado o utils de segurança da **FastAPI** para obter o `username` e a `password`.

OAuth2 especifica que ao usar o "password flow" (fluxo de senha), que estamos usando, o cliente/usuário deve enviar os campos `username` e `password` como dados do formulário.

								</source>
							</sources>
						</mapping>
						<mapping>
							<directory>${packaging.fess.var.dir}</directory>
							<filemode>755</filemode>
							<username>${packaging.fess.user}</username>
							<groupname>${packaging.fess.group}</groupname>
						</mapping>
						<!-- bin -->
						<mapping>
							<directory>${packaging.fess.bin.dir}</directory>
							<filemode>755</filemode>

  /**
   * The decoded username, or an empty string if none is present.
   *
   * | URL                              | `username()` |
   * | :------------------------------- | :----------- |
   * | `http://host/`                   | `""`         |
   * | `http://username@host/`          | `"username"` |
   * | `http://username:password@host/` | `"username"` |
   * | `http://a%20b:c%20d@host/`       | `"a b"`      |

     *
     * @param form create form containing elevate word data
     * @param username current user's username
     * @param currentTime current timestamp
     * @return optional ElevateWord entity
     */
    public static OptionalEntity<ElevateWord> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

     * @param form the form containing the scheduled job data
     * @param username the username of the user performing the operation
     * @param currentTime the current timestamp
     * @return optional entity containing the scheduled job data, or empty if creation fails
     */
    private static OptionalEntity<ScheduledJob> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {

        parentProps.setProperty("jcifs.smb.client.domain", "parentdomain");
        parentProps.setProperty("jcifs.smb.client.username", "parentuser");

        Properties childProps = new Properties(parentProps);
        childProps.setProperty("jcifs.smb.client.username", "childuser");

        // When
        PropertyConfiguration testConfig = new PropertyConfiguration(childProps);

        // Then

        final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
        final String username = systemHelper.getUsername();
        final long currentTime = systemHelper.getCurrentTimeAsLong();
        return getEntity(form, username, currentTime).map(entity -> {
            entity.setUpdatedBy(username);
            entity.setUpdatedTime(currentTime);

Así que, revisémoslo desde ese punto de vista simplificado:

* El usuario escribe el `username` y `password` en el frontend, y presiona `Enter`.
* El frontend (ejecutándose en el navegador del usuario) envía ese `username` y `password` a una URL específica en nuestra API (declarada con `tokenUrl="token"`).
* La API verifica ese `username` y `password`, y responde con un "token" (no hemos implementado nada de esto aún).