This section describes in detail how to authenticate users programmatically, a feature introduced in Servlet 3.0.
In a multitier enterprise application, several containers are needed to deploy the components of the enterprise tiers. These containers also provide security for those components. The container provides two types of security: declarative security and programmatic security.
Programmatic authentication is a part of programmatic security. Programmatic security is used when declarative security alone is not enough to express the application's security model.
In Servlet 3.0, the following methods of HttpServletRequest let us authenticate the users of a web application programmatically: authenticate, login and logout.
The following example code shows how to use the login and logout methods :
MySecurityServlet.java
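package roseindia;

import java.io.IOException;
import java.io.PrintWriter;

import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demonstrates programmatic login and logout with the Servlet 3.0
 * {@link HttpServletRequest#login(String, String)} and
 * {@link HttpServletRequest#logout()} methods.
 *
 * <p>The servlet reads the {@code UserName} and {@code Password} request
 * parameters, asks the container to validate them, reports the resulting
 * identity and then logs the caller out again before the request ends.
 *
 * <p>Credentials are accepted over POST only, so that they are not carried in
 * the URL query string. The transport should be HTTPS; that is configured in
 * the deployment and is not enforced by this class.
 */
// Annotation for defining the Servlet name and its URL pattern
@WebServlet(name = "MySecurityServlet", urlPatterns = { "/MySecurityServlet" })
// Annotation for declaring roles
@DeclareRoles("manager")
public class MySecurityServlet extends HttpServlet {

    /**
     * Authenticates the caller with the submitted credentials and prints the
     * identity the container established.
     *
     * @param request  request carrying the {@code UserName} and
     *                 {@code Password} parameters
     * @param response response the result is written to
     * @throws ServletException if the container fails while logging out
     * @throws IOException      if the response cannot be written
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The body contains no markup, so it is served as plain text. Values
        // such as the remote user name are then never interpreted as HTML.
        response.setContentType("text/plain;charset=UTF-8");

        String myUsername = request.getParameter("UserName");
        String myPassword = request.getParameter("Password");
        if (myUsername == null || myPassword == null) {
            // Reject the request up front instead of handing null credentials
            // to the container.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "UserName and Password are required");
            return;
        }

        try {
            request.login(myUsername, myPassword);
        } catch (ServletException ex) {
            // Keep the detail in the server log. The container's message may
            // describe the realm or echo the submitted user name, so it is
            // not sent back to the client.
            log("Programmatic login failed", ex);
            // A non-200 status lets clients and monitoring tell a failed
            // login from a successful one.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.getWriter().println("Login Failed");
            // No logout here: login() established nothing, and it also fails
            // when an identity already exists, which logout() would discard.
            return;
        }

        try {
            PrintWriter out = response.getWriter();
            // NOTE(review): the servlet declares the role "manager" but checks
            // "securityguy" here; confirm which role name is intended.
            out.println("The authenticated user is in Role: "
                    + request.isUserInRole("securityguy"));
            out.println("The authenticated remote username: " + request.getRemoteUser());
            out.println("The authenticated Principal name: " + request.getUserPrincipal());
            out.println("The authentication type: " + request.getAuthType());
        } finally {
            // Only undo a login that actually succeeded.
            request.logout();
        }
    }

    /**
     * Refuses GET so that credentials are never submitted in the query
     * string, where they would be recorded in access logs, browser history
     * and Referer headers.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED,
                "Use POST to submit credentials");
    }

    /** Handles the credential submission. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }
}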
The following example code shows how to use the authenticate method:
MyAuthServlet.java
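package roseindia;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demonstrates the Servlet 3.0
 * {@link HttpServletRequest#authenticate(HttpServletResponse)} method, which
 * asks the container to authenticate the caller with the login mechanism
 * configured for the web application.
 */
@WebServlet(name = "MyAuthServlet", urlPatterns = { "/MyAuthServlet" })
public class MyAuthServlet extends HttpServlet {

    /**
     * Triggers container authentication and reports success only when the
     * container confirms that an identity has been established.
     *
     * @param request  the incoming request
     * @param response response used by the container for its challenge and by
     *                 this servlet for the success message
     * @throws ServletException if the container's authentication fails
     * @throws IOException      if the response cannot be written
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Ask the container to authenticate the caller. Which mechanism is
        // used (for example the BASIC dialog) depends on the application's
        // login configuration, which is not part of this class.
        boolean authenticated = request.authenticate(response);
        if (!authenticated) {
            // The container has already written its challenge and status code
            // to the response. Writing a success message now would be wrong,
            // and any protected work must not run for this request.
            return;
        }

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            out.println("Authenticate Successful");
        } finally {
            out.close();
        }
    }

    /** Delegates GET requests to {@link #processRequest}. */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** Delegates POST requests to {@link #processRequest}. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }
}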