Tutorials
Specifying Security for Basic Authentication using @ServletSecurity
Specifying an Authentication Mechanism in the Deployment Descriptor
Authenticating Users Programmatically
Assembling web.xml from fragments
Ordering of web fragments
Introduction to web fragment
@MultipartConfig
@WebListener
@WebFilter
@WebInitParam
@WebServlet
AsyncListener Example
Class AsyncEvent important methods
AsyncContext complete method example
AsyncContext Interface addListener
AsyncListener Interface important methods
AsyncContext Interface important methods
AsyncContext Example
AsyncContext Interface dispatch method
ServletRequest Interface startAsync method
Servlet 3.0 Tutorial
Servlet 3.0 Features
Authenticating Users Programmatically
This section contains detailed description on 'authenticating users programmatically' which was introduced in Servlet 3.0.
This section contains detailed description on 'authenticating users programmatically' which was introduced in Servlet 3.0.Authenticating Users Programmatically
This section contains detailed description on 'authenticating users programmatically' which was introduced in Servlet 3.0.
Java EE Security
In a multitier enterprise application, several containers are needed to deploy various components of Enterprise tiers. These container also provide security to these components. Two types of security is provided by the container :
- Declarative security
It uses deployment descriptor (web.xml) or annotations , to define security essentials of application's components. - Programmatic security
When declarative security is not enough to hold the application's security model, programmatic security is employed.
Programmatic Authentication
Programmatic authentication is the part of programmatic security. Programmatic security is used, when declarative security is not enough to hold the application's security model.
In Servlet 3.0, using following methods of HttpServletRequest provide us ability to authenticate users of a web application programmatically :
- authenticate(HttpServletResponse response) : Using
authenticate method, application container can do requested caller
authentication by collecting username and password
through login dialog box. It is an alternative of form-based login.
- login(java.lang.String username, java.lang.String password) :
Using authenticate method, application container collect username and
password using login dialog box. It is an alternative of form-based login.
- logout() :Using this method an application can reset
the caller identity of a request.
The following example code shows how to use the login and logout methods :
MySecurityServlet.java
package roseindia;
import java.io.IOException;
import java.io.PrintWriter;
import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
//Annotation for defining the Servlet name and its URL pattern
@WebServlet(name = "MySecurityServlet", urlPatterns = { "/MySecurityServlet" })
// Annotation for declaring roles
@DeclareRoles("manager")
public class MySecurityServlet extends HttpServlet {
protected void processRequest(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
String myUsername = request.getParameter("UserName");
String myPassword = request.getParameter("Password");
try {
request.login(myUsername, myPassword);
} catch (ServletException ex) {
out.println("Login Failed" + ex.getMessage());
return;
}
out.println("The authenticated user is in Role: "
+ request.isUserInRole("securityguy"));
out.println("The authenticated remote username: "
+ request.getRemoteUser());
out.println("The authenticated Principal name: "
+ request.getUserPrincipal());
out.println("The authentication type: " + request.getAuthType());
} catch (Exception e) {
throw new ServletException(e);
} finally {
request.logout();
out.close();
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
}
The following example code shows how to use the authenticate method:
MyAuthServlet.java
package roseindia;
import java.io.*;
import javax.servlet.*;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
@WebServlet(name="MyAuthServlet", urlPatterns={"/MyAuthServlet"})
public class MyAuthServlet extends HttpServlet {
protected void processRequest(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
// Launch the BASIC authentication dialog
request.authenticate(response);
out.println("Authenticate Successful");
} finally {
out.close();
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
public void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
processRequest(request, response);
}
}
Ads
