Servlet - Triggering authentication programmatically with HttpServletRequest.authenticate()

[Last Updated: Jul 13, 2017]

In this example, we will learn how to trigger container managed authentication programmatically by using HttpServletRequest.authenticate() method. In this case, we will not use @ServletSecurity (like last example) which is a declarative approach to specify security constraints on a servlet.

Example

The Servlet

@WebServlet(name = "myServlet", urlPatterns = {"/"})
public class MyServlet extends HttpServlet {

  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
          throws ServletException, IOException {
      resp.setContentType("text/html");
      PrintWriter writer = resp.getWriter();

      if (shouldAuthenticate(req)) {
          boolean authenticated = req.authenticate(resp);
          if (authenticated) {
              if (req.getUserPrincipal() != null) {
                  writer.println("user authenticated " + req.getUserPrincipal().getName());
              }
          } else {
              return;
          }
      }

      writer.println("<p>some data</p>");
  }

  private boolean shouldAuthenticate(HttpServletRequest req) {
      //todo: apply some real condition
      return true;
  }
}

Adding login-config in web.xml

src/main/webapp/WEB-INF/web.xml

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>

</web-app>

Adding tomcat-users.xml

As we are going to run embedded tomcat for this example, we will add tomcat-user.xml in the project:

src/main/webapp/config/tomcat-users.xml

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
    <role rolename="employee"/>
    <user username="tina" password="123" roles="employee"/>
</tomcat-users>

Specifying tomcat-user.xml location

pom.xml

<plugin>
  <groupId>org.apache.tomcat.maven</groupId>
  <artifactId>tomcat7-maven-plugin</artifactId>
  <version>2.2</version>
  <configuration>
   <path>/</path>
   <tomcatUsers>src/main/webapp/config/tomcat-users.xml</tomcatUsers>
  </configuration>
 </plugin>

To try examples, run embedded tomcat (configured in pom.xml of example project below):

mvn tomcat7:run-war

Output

On submitting user/password:

Example Project

Dependencies and Technologies Used:

javax.servlet-api 3.1.0 Java Servlet API
JDK 1.8
Maven 3.5.4

HttpServletRequest.authenticate() Example

Select All

Download

servlet-authenticate-example
- src
  - main
    - java
      - com
        logicbig
        example
        
        MyServlet.java
    - webapp
      - WEB-INF
        
        web.xml
      - config
        
        tomcat-users.xml
- pom.xml