Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Why do this?

<input type="text" name="j_username" value="${SPRING_SECURITY_LAST_USERNAME}">

instead of this?

<input type="text" name="username" value="">

What's the value of the j_username and SPRING_SECURITY_LAST_USERNAME variables?

like image 360
Dieter Gantz Avatar asked Sep 24 '10 22:09

Dieter Gantz


1 Answers

j_username and j_password are standardized names in the Java Servlet specification, so the application servers (or servlet containers) know about them and can perform container authentication, independently of the application. This allows for example single-sign on into multiple webapps deployed in the same application server. See chapter "SRV 12.5.3 Form Based Authentication" in JSR-154

The Spring Security constant is just a convenience for users, so they don't have to re-enter their username, if Spring Security recognizes them it automatically suggests the username.

like image 72
mhaller Avatar answered Sep 21 '22 11:09

mhaller