`Body`や`Query`の場合と同じようにフォームパラメータを作成します:

{* ../../docs_src/request_forms/tutorial001.py hl[7] *}

例えば、OAuth2仕様が使用できる方法の１つ（「パスワードフロー」と呼ばれる）では、フォームフィールドとして`username`と`password`を送信する必要があります。

<abbr title="仕様">仕様</abbr>では、フィールドの名前が`username`と`password`であることと、JSONではなくフォームフィールドとして送信されることを要求しています。

`Form`では`Body`（および`Query`や`Path`、`Cookie`）と同じメタデータとバリデーションを宣言することができます。

/// info | 情報

`Form`は`Body`を直接継承するクラスです。

///

        assertEquals("{labels.duplicateHostName}", FessLabels.LABELS_DUPLICATE_HOST_NAME);
        assertEquals("{labels.pageNumber}", FessLabels.LABELS_PAGE_NUMBER);
        assertEquals("{labels.password}", FessLabels.LABELS_PASSWORD);
        assertEquals("{labels.paths}", FessLabels.LABELS_PATHS);
        assertEquals("{labels.port}", FessLabels.LABELS_PORT);
        assertEquals("{labels.regex}", FessLabels.LABELS_REGEX);

     */
    protected static boolean isMaskedValue(final String key) {
        return "http.proxy.password".equals(key) //
                || "ldap.admin.security.credentials".equals(key) //
                || "spnego.preauth.password".equals(key) //
                || "app.cipher.key".equals(key) //
                || "oic.client.id".equals(key) //

}

func TestExplainSQL(t *testing.T) {
	type role string
	type password []byte
	type intType int
	type floatType float64
	var (
		tt                 = now.MustParse("2020-02-23 11:10:10")
		myrole             = role("admin")
		pwd                = password("pass")
		jsVal              = []byte(`{"Name":"test","Val":"test"}`)
		js                 = JSON(jsVal)

  var scheme = ""
  var username = ""
  var password: String? = null
  var host = ""
  var port = ""
  var path = ""
  var query = ""
  var fragment = ""

  fun expectParseFailure() = scheme.isEmpty()

  private operator fun set(
    name: String,
    value: String,
  ) {
    when (name) {
      "s" -> scheme = value
      "u" -> username = value
      "pass" -> password = value
      "h" -> host = value

	typedef struct {
		[string] wchar_t *netname;
		int type;
		[string] wchar_t *remark;
		uint32_t permissions;
		uint32_t max_uses;
		uint32_t current_uses;
		[string] wchar_t *path;
		[string] wchar_t *password;
		uint32_t sd_size;
		[size_is(sd_size)] uint8_t *security_descriptor;
	} ShareInfo502;

	typedef struct {
		int count;
		[size_is(count)] ShareInfo502 *array;
	} ShareInfoCtr502;

Если клиент попробует отправить дополнительные данные, то в ответ он получит **ошибку**.

Например, если клиент попытается отправить поля формы:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

То в ответ он получит **ошибку**, сообщающую ему, что поле `extra` не разрешено:

```json
{
    "detail": [
        {
            "type": "extra_forbidden",

                                    <label for="password" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.user_password"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="password"/>
                                        <la:password styleId="password" property="password" styleClass="form-control"/>

But first, let's check some small concepts.

## In a hurry? { #in-a-hurry }

If you don't care about any of these terms and you just need to add security with authentication based on username and password *right now*, skip to the next chapters.

## OAuth2 { #oauth2 }

OAuth2 is a specification that defines several ways to handle authentication and authorization.

        });
    }

    /**
     * Changes the password for a user in the LDAP directory.
     *
     * @param username the username of the user
     * @param password the new password
     * @return true if the password was changed successfully, false otherwise
     */
    public boolean changePassword(final String username, final String password) {
        if (!fessConfig.isLdapAdminEnabled(username)) {