The Servlet Basic Authentication Annotation Example explains how to configure basic authentication with annotations in a Java Servlet. With basic authentication of a servlet, the web browser presents a standard login dialog that is not customizable. When a user submits a name and password, the server determines whether they are those of an authorized user and sends the requested web resource if the user is authorized to view it. The name and password are automatically Base64 encoded, which does not mean that they are safe: Base64 encoding can be easily decoded. This is the tenth post in the Java Servlet Tutorial series. The series will give you full knowledge of Servlet 3.0.
Table of contents:
1. Configure your credentials
2. Authenticated Servlet
3. Not authenticated Servlet
4. Deploy Servlet Basic Authentication Annotation Example
Configure your credentials Username/password
We are using Tomcat 8 to do the Basic Authentication Annotation configuration for this example. We use the tomcat-users.xml file to register a username/password combination with the appropriate role. This file is located at ../apache-tomcat-8.0.33/conf/tomcat-users.xml.

```xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <user username="javabycode" password="P@ssw0rd" roles="auth"/>
</tomcat-users>
```
Authenticated Servlet
Using annotations to configure our servlet can completely eliminate the use of a servlet descriptor. However, some configuration is still not available through annotations. We'll get to that later. First, let's see what's happening here. We register our servlet using the @WebServlet annotation. Next, we secure the servlet using the @ServletSecurity annotation, where you can configure which roles are allowed and specify which HTTP methods are restricted.

```java
package com.javabycode;

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet("/auth")
@ServletSecurity(
    // Default constraint for HTTP methods not listed below: role "auth" required.
    value = @HttpConstraint(rolesAllowed = { "auth" }),
    httpMethodConstraints = {
        @HttpMethodConstraint(value = "GET", rolesAllowed = { "auth" }),
        // No rolesAllowed here, so the default emptyRoleSemantic (PERMIT) applies:
        // POST is not restricted to a role.
        @HttpMethodConstraint(value = "POST")
    })
public class AuthServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        PrintWriter out = resp.getWriter();
        out.write("Your credentials are authenticated to access web application");
    }
}
```
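A hardened variant of the servlet above, as an added example that is not part of the original tutorial: because Basic credentials are only Base64 encoded, the constraint also requires TLS, and the methods the servlet does not serve are denied instead of left open. The class name AuthTlsServlet, the /auth-tls path and an HTTPS connector being configured in Tomcat are assumptions.

```java
package com.javabycode;

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Added example: AuthTlsServlet and /auth-tls are hypothetical names.
// The BASIC auth-method itself is still declared in <login-config> (web.xml).
@WebServlet("/auth-tls")
@ServletSecurity(
    // Default for every HTTP method not listed below: role "auth" over TLS only,
    // so the Base64-encoded Authorization header is never sent in clear text.
    value = @HttpConstraint(
        rolesAllowed = { "auth" },
        transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = {
        // An @HttpMethodConstraint without rolesAllowed defaults to PERMIT,
        // so methods this servlet does not serve are denied explicitly.
        @HttpMethodConstraint(value = "POST", emptyRoleSemantic = EmptyRoleSemantic.DENY),
        @HttpMethodConstraint(value = "PUT", emptyRoleSemantic = EmptyRoleSemantic.DENY),
        @HttpMethodConstraint(value = "DELETE", emptyRoleSemantic = EmptyRoleSemantic.DENY)
    })
public class AuthTlsServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Defence in depth: re-check the role in code in case the container
        // constraint is later removed or overridden by a deployment descriptor.
        if (!req.isUserInRole("auth")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        // Keep the protected response out of shared and browser caches.
        resp.setHeader("Cache-Control", "no-store");
        resp.getWriter().write("Authenticated as " + req.getRemoteUser());
    }
}
```

With the CONFIDENTIAL guarantee, Tomcat redirects a plain-HTTP request to the connector's redirectPort before it issues the Basic challenge, so the browser only sends the credentials over HTTPS.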
Not authenticated Servlet
For contrast with the Authenticated Servlet, we create a servlet without any security constraint.

```java
package com.javabycode;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet("/notauth")
public class NotAuthServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        PrintWriter out = resp.getWriter();
        out.write("The authentication is not required");
    }
}
```
Deploy Servlet Basic Authentication Annotation Example
Make a request to the servlet with basic authentication at the URL: http://localhost:8080/servlet-auth/auth
Type the credentials username=javabycode and password=P@ssw0rd to get the result.
If you type incorrect credentials, you will get an error such as the one in the screenshot.
Make another request, this time to the servlet without basic authentication, at the URL: http://localhost:8080/servlet-auth/notauth
You will get the result such as
That's all on how to build a Servlet Basic Authentication Annotation Example in Java. We hope it is useful to you. You can also find other servlet examples in the Java Servlet Example series.
Happy learning!
Hi,
I downloaded your app but it is not working!
Which problem did you get?