Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Question

Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Why is this?

<input type="text" name="j_username" value="${SPRING_SECURITY_LAST_USERNAME}">

instead of this?

 <input type="text" name="username" value="">

What is the value of j_username and SPRING_SECURITY_LAST_USERNAME?

+6

java spring-security jsp servlets

Dieter gantz Sep 24 '10 at 22:30

source share

1 answer

mhaller · Accepted Answer · 2010-09-24T22:41:53+0000

j_username and j_password are standardized names in the Java Servlet specification, so application servers (or servlet containers) are aware of them and can authenticate the container regardless of the application. This allows, for example, to include a single character in several web applications deployed on the same application server. See “SRV 12.5.3 Form-Based Authentication” in JSR-154

Spring's security constant is just a convenience for users, so they don’t need to re-enter their username; if Spring Security recognizes them, it automatically suggests a username.

Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

More articles: