Wednesday, May 2, 2012

Programmatic login with Servlet 3.0

In this post I will describe how to achieve programmatic login on a Servlet 3.0 compliant Java EE server or container.


The HttpServletRequest interface in Servlet 3.0 gained a few new methods. Some of them are listed below.
  • login(username, password) - validates the supplied username and password against the realm configured for the web application and, on success, establishes the authenticated caller identity (the Principal) for the current request. On failure it throws ServletException; it also throws if a caller identity has already been established or the configured login mechanism does not support username/password authentication.
  • logout() - clears the caller identity of the current request; getUserPrincipal(), getRemoteUser() and getAuthType() return null afterwards.
  • getParts() - returns a Collection of the Part objects contained in a multipart/form-data request.
  • getPart(name) - returns the Part with the given form field name, or null if there is none.
In this post I will use the login() and logout() methods.

The software used to illustrate programmatic login is listed below.
  • NetBeans 7.1.1 ( IDE )
  • Tomcat 7.0.27 ( Server / Container )
  • Ubuntu LTS 12.04 ( OS )
I have created a dynamic web application named LoginDemo with Tomcat 7 as the target runtime server. The project structure looks like below.



I have created two JSP pages, index.jsp and myaccount.jsp. index.jsp holds the login form, which submits to a servlet that performs the authentication.


To authenticate the user's input I have created a servlet named AuthServlet in the application. AuthServlet holds the logic that performs the login. See the code snippet below.


private void processLogin(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
    String username = request.getParameter("uid");
    String password = request.getParameter("pwd");
    RequestDispatcher rd;
    try {
        // Authenticate against the realm configured for this web application.
        // login() throws ServletException if the credentials are rejected, if a
        // caller identity is already established for this request, or if the
        // login mechanism does not support username/password authentication.
        request.login(username, password);
        rd = request.getRequestDispatcher("myaccount.jsp");
    } catch (ServletException e) {
        // The username is attacker-controlled input: index.jsp must HTML-escape
        // "msg" when rendering it (e.g. JSTL <c:out>), or this becomes reflected XSS.
        request.setAttribute("msg", "Unable to login with " + username);
        // index.jsp holds the login form, so send the user back there.
        rd = request.getRequestDispatcher("index.jsp");
    }
    rd.forward(request, response);
}

The request object's login() method takes two parameters, the username and the password, and validates them against the realm configured for the web application. In Tomcat the default realm, declared in $CATALINA_HOME/conf/server.xml, is a file-based UserDatabaseRealm (wrapped in a LockOutRealm that locks an account after repeated failures) backed by the file $CATALINA_HOME/conf/tomcat-users.xml.


So a few users and roles have to be configured in tomcat-users.xml. See below for a sample config.


Tomcat establishes the authenticated principal by matching the supplied username and password against the entries in tomcat-users.xml. The file-based realm is only the default: the Realm element in server.xml (or in the application's META-INF/context.xml for a per-application realm) can be switched to JNDIRealm (for LDAP), JDBCRealm or DataSourceRealm (a database table), or JAASRealm. Note that with the default configuration the passwords in tomcat-users.xml are stored in clear text; setting the digest attribute on the Realm makes Tomcat store and compare hashed passwords instead.
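As an added example, not taken from the original post or from a real deployment, here is what such a configuration looks like: the Realm element from conf/server.xml with password digesting switched on, and a conf/tomcat-users.xml that defines one role and one user. The role name "customer", the user "alice" and the digest placeholder are made up for illustration.

```xml
<!-- conf/server.xml (fragment, inside <Engine>): Tomcat's default realm with the
     digest attribute added. "SHA-256" is an illustrative choice; Tomcat 7 accepts
     any java.security.MessageDigest algorithm name here. -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"
         digest="SHA-256"/>
</Realm>

<!-- conf/tomcat-users.xml: the users and roles read by the UserDatabaseRealm.
     With digest set above, the password attribute must hold the hex digest of the
     password, produced with: $CATALINA_HOME/bin/digest.sh -a SHA-256 <clear-text>
     Without digest, the clear-text password goes in the attribute instead.
     The value below is a placeholder, not a real digest. -->
<tomcat-users>
  <role rolename="customer"/>
  <user username="alice"
        password="REPLACE_WITH_HEX_DIGEST_FROM_digest.sh"
        roles="customer"/>
</tomcat-users>
```

Two caveats: a Realm declared in server.xml applies to every web application under that Engine or Host, and the digest in Tomcat 7 is a plain, unsalted hash of the password, so it stops casual reading of the file but does little against offline guessing of weak passwords.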


Similar to login(), the request object has a logout() method, which clears the authenticated identity of the current caller. See the code below for the logout functionality.



protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    if (request.getServletPath().equalsIgnoreCase("/login")) {
        processLogin(request, response);
    } else {
        // Clears the caller identity; getUserPrincipal() returns null afterwards.
        request.logout();
        // logout() alone leaves the HttpSession and its attributes in place, so
        // invalidate it too: nothing tied to the old identity should survive.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        request.setAttribute("msg", "You have successfully logged out of the system");
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }
}
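The two snippets above show the bare login() and logout() calls. The class below is an added example, written for this edit rather than taken from the original post's AuthServlet, that puts them into one complete Servlet 3.0 servlet and adds the checks a practitioner would want around them: POST only, TLS required, session fixation defence, a non-enumerating failure message, a role check after authentication, and a redirect instead of a forward once the credentials are accepted. The parameter names uid and pwd and the page names come from the post; the role name "customer" and the class name are assumptions.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hardened login/logout servlet. Servlet 3.0 allows the URL mapping to live in
 * the annotation instead of web.xml. REQUIRED_ROLE is an assumed role name and
 * must match a role defined in the realm (e.g. tomcat-users.xml).
 */
@WebServlet(urlPatterns = { "/login", "/logout" })
public class HardenedAuthServlet extends HttpServlet {

    private static final String REQUIRED_ROLE = "customer"; // assumption

    // Credentials belong in a POST body; a GET would leave them in the URL,
    // access logs and browser history.
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if ("/logout".equals(request.getServletPath())) {
            processLogout(request, response);
        } else {
            processLogin(request, response);
        }
    }

    private void processLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Refuse to accept a password over plain HTTP.
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "TLS required");
            return;
        }
        String username = request.getParameter("uid");
        String password = request.getParameter("pwd");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Session fixation defence: discard any session the browser brought along
        // before it becomes an authenticated one. Servlet 3.0 has no
        // changeSessionId() (that arrived in 3.1), so invalidate and recreate.
        // This also guarantees login() is not called with an identity already set.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true);

        try {
            request.login(username, password);
        } catch (ServletException e) {
            // One message for unknown user and wrong password: no user enumeration,
            // and nothing attacker-controlled is echoed back.
            request.setAttribute("msg", "Invalid username or password");
            request.getRequestDispatcher("index.jsp").forward(request, response);
            return;
        }

        // Authentication is not authorization: check the role before serving the page.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            request.logout();
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Redirect rather than forward so a browser refresh does not re-POST the credentials.
        response.sendRedirect(request.getContextPath() + "/myaccount.jsp");
    }

    private void processLogout(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.logout();
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```

isSecure() reflects what the Tomcat connector saw. If TLS is terminated at a proxy in front of Tomcat, either set secure="true" on the connector that only the proxy reaches or configure RemoteIpValve with the proxy's protocol header, otherwise this servlet will reject every login.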


The complete code is checked in at Google Code (svn) and can be found here. Screenshots of the above application in running mode are given below.









Let me know if you find any difficulty in accessing or executing the code.


Thanks,
Abani R. Behera

1 comment:

  1. Do we have to make an entry in the server.xml file for the realm? I tried your code in my application, where I used Spring and Hibernate, and it did not work. Even though I made changes in tomcat-users.xml and gave a userid/password, it did not work.