Authenticating Users Programmatically

This section describes programmatic user authentication, which was introduced in Servlet 3.0.

Java EE Security

In a multitier enterprise application, several containers are needed to deploy the components of the various enterprise tiers. These containers also provide security for those components. The container provides two types of security:

  • Declarative security
    It uses the deployment descriptor (web.xml) or annotations to define the security requirements of the application's components.

  • Programmatic security
    It is employed when declarative security alone is not enough to express the application's security model.

 

Programmatic Authentication

Programmatic authentication is a part of programmatic security, which is used when declarative security alone is not enough to express the application's security model.

In Servlet 3.0, the following methods of HttpServletRequest let us authenticate the users of a web application programmatically:

  • authenticate(HttpServletResponse response) : Using the authenticate method, the application asks the container to authenticate the caller; the container collects the username and password through a login dialog box. It is an alternative to form-based login.

  • login(java.lang.String username, java.lang.String password) : Using the login method, the application collects the username and password itself and passes them to the container for validation. It is an alternative to form-based login.

  • logout() : Using this method, an application can reset the caller identity of a request.

The following example code shows how to use the login and logout methods:

MySecurityServlet.java

    package roseindia;

    import java.io.IOException;
    import java.io.PrintWriter;

    import javax.annotation.security.DeclareRoles;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    // Annotation for defining the Servlet name and its URL pattern
    @WebServlet(name = "MySecurityServlet", urlPatterns = { "/MySecurityServlet" })
    // Annotation for declaring the roles this servlet checks with isUserInRole()
    @DeclareRoles("manager")
    public class MySecurityServlet extends HttpServlet {

        protected void processRequest(HttpServletRequest request,
                HttpServletResponse response)
                throws ServletException, IOException {

            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();

            try {
                // Credentials arrive as ordinary request parameters
                String myUsername = request.getParameter("UserName");
                String myPassword = request.getParameter("Password");

                try {
                    // Ask the container to validate the credentials
                    request.login(myUsername, myPassword);
                } catch (ServletException ex) {
                    // Demo output; a production page would show a generic message
                    out.println("Login Failed: " + ex.getMessage());
                    return;
                }

                // The role checked here must match the one declared in @DeclareRoles
                out.println("The authenticated user is in Role: "
                        + request.isUserInRole("manager"));
                out.println("The authenticated remote username: "
                        + request.getRemoteUser());
                out.println("The authenticated Principal name: "
                        + request.getUserPrincipal());
                out.println("The authentication type: " + request.getAuthType());

            } catch (Exception e) {
                throw new ServletException(e);
            } finally {
                // Reset the caller identity established by login()
                request.logout();
                out.close();
            }
        }

        @Override
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        @Override
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }
    }
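A hardened variant of the login() call shown above, added here as an example (it is not code from the original tutorial). It goes beyond the tutorial by accepting credentials only over POST and HTTPS, replacing any pre-login session, and returning a generic failure message. The servlet name, URL pattern and messages are assumptions; whether the identity persists past this request depends on the container.

```java
package roseindia;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: servlet name and URL pattern are hypothetical.
@WebServlet(name = "HardenedLoginServlet", urlPatterns = { "/HardenedLogin" })
public class HardenedLoginServlet extends HttpServlet {

    // No doGet(): HttpServlet's default rejects GET, so credentials cannot
    // arrive in a query string that ends up in logs and browser history.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        String username = request.getParameter("UserName");
        String password = request.getParameter("Password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Replace any pre-login session so a session id issued before
        // authentication is never reused afterwards (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true);
        try {
            // login() throws ServletException on bad credentials and also
            // when the request already carries an authenticated caller.
            request.login(username, password);
        } catch (ServletException ex) {
            // Details go to the server log; the client gets a generic message.
            log("Login failed from " + request.getRemoteAddr(), ex);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("Logged in as " + request.getRemoteUser());
    }
}
```

Behind a TLS-terminating proxy, isSecure() reflects the proxy-to-container hop unless the container is configured to trust the forwarded scheme.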

The following example code shows how to use the authenticate method:

MyAuthServlet.java

    package roseindia;

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.*;

    @WebServlet(name="MyAuthServlet", urlPatterns={"/MyAuthServlet"})
    public class MyAuthServlet extends HttpServlet {

        protected void processRequest(HttpServletRequest request,
                HttpServletResponse response)
                throws ServletException, IOException {

            // Trigger the login mechanism configured for the application
            // (the BASIC authentication dialog when BASIC is configured).
            // authenticate() returns false while authentication is incomplete;
            // the container has then already committed the challenge to the
            // response, so the servlet must not write anything more.
            if (!request.authenticate(response)) {
                return;
            }

            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();

            try {
                out.println("Authenticate Successful");
            } finally {
                out.close();
            }
        }

        @Override
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        @Override
        public void doPost(HttpServletRequest request,
                HttpServletResponse response) throws ServletException, IOException {
            processRequest(request, response);
        }
    }
Posted on: July 3, 2012

Comments:1
Roberto
July 26, 2013
How must web.xml be for this?

This tutorial is very interesting, but I miss information about the contents needed in web.xml for the example given to work.