* @param username the username to authenticate with
     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(String domain, String username, final String password) {
        int ci;

        if (username != null) {
            ci = username.indexOf('@');
            if (ci > 0) {
                domain = username.substring(ci + 1);
                username = username.substring(0, ci);

    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

<img src="/img/tutorial/security/image12.png">

## Check the username { #check-the-username }

Here's a more complete example.

                final String username = account.username();
                if (logger.isDebugEnabled()) {
                    logger.debug("homeAccountId:{} username:{}", homeAccountId, username);
                }
                permissionSet.add(systemHelper.getSearchRoleByUser(homeAccountId));
                permissionSet.add(systemHelper.getSearchRoleByUser(username));

                    final String username = paramMap.get(CRAWLER_FILE_AUTH + "." + fileAuthName + ".username");
                    final String password = paramMap.get(CRAWLER_FILE_AUTH + "." + fileAuthName + ".password");

                    if (StringUtil.isEmpty(username)) {
                        logger.warn("username is empty. fileAuth:{}", fileAuthName);
                        continue;

     *
     * @param form the login form containing username and password
     * @return the HTML response after login attempt
     */
    @Execute
    public HtmlResponse login(final LoginForm form) {
        validate(form, messages -> {}, () -> asIndexPage(form));
        verifyToken(() -> asIndexPage(form));
        final String username = form.username;
        final String password = form.password;

    private static final long serialVersionUID = 1L;

    /**
     * Constructs a new FessUserNotFoundException with the specified username.
     *
     * @param username the username that was not found
     */
    public FessUserNotFoundException(final String username) {
        super("User is not found: " + username);
    }

    }

    /**
     * Get the proxy username.
     *
     * @return username for the proxy server
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Set the proxy username.
     *
     * @param userName username for the proxy server
     */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /**

     *
     * @param form the form containing duplicate host data
     * @param username the current username
     * @param currentTime the current timestamp
     * @return optional duplicate host entity
     */
    public static OptionalEntity<DuplicateHost> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

Oauth2️⃣ 🔧 👈 👩‍💻 ⚖️ 🛠️ 💪 🔬 💽 👈 🔓 👩‍💻.

✋️ 👉 💼, 🎏 **FastAPI** 🈸 🔜 🍵 🛠️ & 🤝.

, ➡️ 📄 ⚫️ ⚪️➡️ 👈 📉 ☝ 🎑:

* 👩‍💻 🆎 `username` & `password` 🕸, & 🎯 `Enter`.
* 🕸 (🏃‍♂ 👩‍💻 🖥) 📨 👈 `username` & `password` 🎯 📛 👆 🛠️ (📣 ⏮️ `tokenUrl="token"`).
* 🛠️ ✅ 👈 `username` & `password`, & 📨 ⏮️ "🤝" (👥 🚫 🛠️ 🙆 👉).
    *  "🤝" 🎻 ⏮️ 🎚 👈 👥 💪 ⚙️ ⏪ ✔ 👉 👩‍💻.
    * 🛎, 🤝 ⚒ 🕛 ⏮️ 🕰.

    }

    private String maskUsername(String username) {
        if (!maskSensitiveData || username == null) {
            return username;
        }

        // Show first and last character only
        if (username.length() <= 2) {
            return "***";
        }

        return username.charAt(0) + "***" + username.charAt(username.length() - 1);
    }