private static final long serialVersionUID = 1L;

    /**
     * Constructs a new FessUserNotFoundException with the specified username.
     *
     * @param username the username that was not found
     */
    public FessUserNotFoundException(final String username) {
        super("User is not found: " + username);
    }

    * İçinde gönderilen `username` ve `password` bulunur.

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

URL’yi ilk kez açmaya çalıştığınızda (veya dokümanlardaki "Execute" butonuna tıkladığınızda) tarayıcı sizden kullanıcı adınızı ve şifrenizi ister:

<img src="/img/tutorial/security/image12.png">

## Kullanıcı adını kontrol edin { #check-the-username }

Daha kapsamlı bir örneğe bakalım.

本章添加上一章示例中欠缺的部分，实现完整的安全流。

## 获取 `username` 和 `password` { #get-the-username-and-password }

首先，使用 **FastAPI** 安全工具获取 `username` 和 `password`。

OAuth2 规范要求使用“密码流”时，客户端或用户必须以表单数据形式发送 `username` 和 `password` 字段。

并且，这两个字段必须命名为 `username` 和 `password`，不能使用 `user-name` 或 `email` 等其它名称。

不过也不用担心，前端仍可以显示终端用户所需的名称。

数据库模型也可以使用所需的名称。

但对于登录*路径操作*，则要使用兼容规范的 `username` 和 `password`，（例如，实现与 API 文档集成）。

    }

    private String maskUsername(String username) {
        if (!maskSensitiveData || username == null) {
            return username;
        }

        // Show first and last character only
        if (username.length() <= 2) {
            return "***";
        }

        return username.charAt(0) + "***" + username.charAt(username.length() - 1);
    }

     *
     * @param form the form containing duplicate host data
     * @param username the current username
     * @param currentTime the current timestamp
     * @return optional duplicate host entity
     */
    public static OptionalEntity<DuplicateHost> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

        assertEquals(25, fileAuthPager.getPageSize());
        assertEquals(1, fileAuthPager.getCurrentPageNumber());
        assertNull(fileAuthPager.id);
        assertNull(fileAuthPager.port);
        assertNull(fileAuthPager.username);
        assertNull(fileAuthPager.fileConfigId);
        assertNull(fileAuthPager.versionNo);

        fileAuthPager.setAllRecordCount(999);
        assertEquals(999, fileAuthPager.getAllRecordCount());

                                    <label for="username" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.file_auth_username"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="username"/>
                                        <la:text styleId="username" property="username" styleClass="form-control"/>

        assertTrue(testLdapManager.applyCalled);
    }

    // Helper method to create test user
    private User createTestUser(String username, String password) {
        User user = new User();
        user.setName(username);
        user.setPassword(password);
        user.setRoles(new String[] { "role1", "role2" });
        user.setGroups(new String[] { "group1", "group2" });
        return user;

Um dies zu lösen, konvertieren wir zunächst den `username` und das `password` in UTF-8-codierte `bytes`.

Dann können wir `secrets.compare_digest()` verwenden, um sicherzustellen, dass `credentials.username` `"stanleyjobson"` und `credentials.password` `"swordfish"` ist.

{* ../../docs_src/security/tutorial007_an_py310.py hl[1,12:24] *}

Dies wäre das gleiche wie:

```Python

     *
     * @param form the create form
     * @param username the current username
     * @param currentTime the current time
     * @return optional key match entity
     */
    public static OptionalEntity<KeyMatch> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE: