Home » Java » Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Why use the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Posted by: admin December 28, 2021 Leave a comment

Questions:

Why do this?

<input type="text" name="j_username" value="${SPRING_SECURITY_LAST_USERNAME}">

instead of this?

<input type="text" name="username" value="">

What’s the value of the j_username and SPRING_SECURITY_LAST_USERNAME variables?

Answers:

j_username and j_password are standardized names in the Java Servlet specification, so the application servers (or servlet containers) know about them and can perform container authentication, independently of the application. This allows for example single-sign on into multiple webapps deployed in the same application server. See chapter “SRV 12.5.3 Form Based Authentication” in JSR-154

The Spring Security constant is just a convenience for users, so they don’t have to re-enter their username, if Spring Security recognizes them it automatically suggests the username.