Java servlet and authentication

Question

Java servlet and authentication

I have a small application with 3-4 servlets and a basic module that provide me with authentication, for example:

public class Authentication {
    public boolean isUserAuthenticated(){
        ....
    }
}

Is there a way to check for authentication with my class BEFORE calling any other servlet, without having to add code to each one? I would like to avoid user validation for every servlet I have and for every servlet I have to add.

Any suggestion accepted :)

Thanks, Roberto

+2

java authentication jsp servlets

Roberto 06 oct. 09 at 15:33

source to share

4 answers

You can put your authentication logic in a servlet filter. If the filter finds the request unauthenticated, it can redirect the user to the login page (or whatever).

Anything that gets into the servlet is already implicitly certified.

+2

Will hartung 06 oct. '09 at 15:35

source to share

Use Acegi security (now Spring Security). Using Spring will also make your life easier in a different way. (Spring protection works using a servlet filter as stated in previous posts).

+1

les2 06 oct. 09 at 15:37

source to share

Custom authentication can be done through servlet filters.
Check out the detailed example User authentication filter example

0

sjith 22 jan. At 20:10

source to share

cletus · Accepted Answer · 2009-10-06T15:34:06+0000

Absolutely, use a servlet filter . This is the standard way to ensure security in Java web applications.

The Java Servlet 2.3 specification introduces a new type of component called a filter. The filter dynamically intercepts requests and responses to transform or use the information contained in the requests or responses. Filters do not usually create responses themselves, but instead provide generic functionality that can be "tied" to any type of servlet or JSP.

Java servlet and authentication

More articles: