Java servlet and authentication
I have a small application with 3-4 servlets and a basic module that provide me with authentication, for example:
public class Authentication {
public boolean isUserAuthenticated(){
....
}
}
Is there a way to check for authentication with my class BEFORE calling any other servlet, without having to add code to each one? I would like to avoid user validation for every servlet I have and for every servlet I have to add.
Any suggestion accepted :)
Thanks, Roberto
source to share
Absolutely, use a servlet filter . This is the standard way to ensure security in Java web applications.
The Java Servlet 2.3 specification introduces a new type of component called a filter. The filter dynamically intercepts requests and responses to transform or use the information contained in the requests or responses. Filters do not usually create responses themselves, but instead provide generic functionality that can be "tied" to any type of servlet or JSP.
source to share
Custom authentication can be done through servlet filters.
Check out the detailed example User authentication filter example
source to share