Introduction
This article explains user authentication using a servlet in Java. The NetBeans IDE is used for the sample application.
What is user authentication
User authentication works within what is sometimes called a security policy domain or security domain: a scope over which an application server defines and enforces a common security policy. Many users can visit our website, and we need to find out which one is "admin", which one is "manager" and so on. We apply a security policy by providing user authentication to distinguish users from one another.
It is also used in session tracking. We can use the username to track a client session. Once the user has logged in, the web browser remembers his/her name and thereby tracks their session.
Advantages
- This technique also works when the user accesses your site from various machines.
- Used to perform session tracking.
- Also works when the user exits his/her browser before returning to the site.
Disadvantages
- Each user must register with the website so that it can remember his/her identity.
Example
In this example we create a web page with an admin login control. If the user logs in with the admin password, they enter our website; otherwise they are redirected to the login page.
Use the following procedure to create this app.
Step 1
Open the NetBeans IDE.
Step 2
Select "Java web" -> "Web application" as in the following:
Step 3
Type your project name as UserAuthenticationDemo.
Step 4
Click on "Next" then select your Java version and server details as in the following:
Step 5
Now delete your default "index.jsp" file and create a new "index.html" file and write the following code for it.
index.html
<!DOCTYPE html>
<html>
    <head>
        <title>Admin Login</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <meta name="viewport" content="width=device-width">
    </head>
    <body bgcolor="pink">
        <!-- method="get" places the password in the URL (browser history, server logs);
             a real login form should use method="post" with a matching doPost() in the servlet. -->
        <form method="get" action="Admin">
            <table>
                <tr>
                    <td>
                        <b>Name:</b>
                    </td>
                    <td>
                        <input type="text" name="name"/><br/>
                    </td>
                </tr>
                <tr>
                    <td>
                        <b>Password:</b>
                    </td>
                    <td>
                        <input type="password" name="password"/><br/>
                    </td>
                </tr>
                <tr>
                    <td> </td>
                    <td>
                        <input type="submit" value="Login">
                    </td>
                </tr>
            </table>
        </form>
    </body>
</html>
Step 6
Create a new filter class file named "FilterOne.java" and write the following code for it. The file name must match the public class name, FilterOne, which is also the name registered in "web.xml".
FilterOne.java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.*;

public class FilterOne implements Filter {

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        String password = request.getParameter("password");
        // Demo check against a hard-coded password. Calling equals() on the
        // constant avoids a NullPointerException when the parameter is missing.
        if ("admin".equals(password)) {
            chain.doFilter(request, response); // sends request to next resource
        } else {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.print("username or password error!");
            // Show the login page again below the error message.
            RequestDispatcher rd = request.getRequestDispatcher("index.html");
            rd.include(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}
Step 7
Now create another servlet named "Admin.java" and write the following code for it.
Admin.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class Admin extends HttpServlet {

    // Reached only when FilterOne passes the request down the chain.
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.print("Welcome ADMIN");
        out.close();
    }
}
Step 8
Check your "web.xml" file.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <filter>
        <filter-name>FilterOne</filter-name>
        <filter-class>FilterOne</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>FilterOne</filter-name>
        <url-pattern>/Admin</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>Admin</servlet-name>
        <servlet-class>Admin</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Admin</servlet-name>
        <url-pattern>/Admin</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
</web-app>
Step 9
Now your project is ready to run.
Right-click on the Project menu and select Run. The following output is generated from this application.
Step 10
Now enter a username and password of your choice. If you enter the password "admin", you are permitted to visit the site; otherwise a warning is shown each time you enter an incorrect password.
Case 1: Incorrect password entered:
Case 2: The correct password for "admin" is provided.
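The filter above checks a password sent in the URL on every request and never creates the session described under "What is user authentication". As an added example (not part of the original article), the replacement filter below accepts the password only by POST, verifies it against a PBKDF2 hash with a constant-time comparison, and then tracks the login in an HttpSession with a fresh session ID. Assumptions: the class name SessionAuthFilter, the init-param names "salt" and "passwordHash" (Base64 values set in web.xml), the "user" session attribute, the iteration count, Java 8 or later, and a login form changed to method="post".

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class): replaces FilterOne on the /Admin mapping.
public class SessionAuthFilter implements Filter {
    private byte[] salt, expectedHash; // assumption: Base64 init-params in web.xml
    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // A missing init-param throws here, so the filter fails closed at startup.
        salt = Base64.getDecoder().decode(cfg.getInitParameter("salt"));
        expectedHash = Base64.getDecoder().decode(cfg.getInitParameter("passwordHash"));
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute("user") != null) {
            chain.doFilter(req, res); // already logged in: the session carries the identity
            return;
        }
        String password = request.getParameter("password");
        if ("POST".equals(request.getMethod()) && password != null && matches(password)) {
            if (session != null) session.invalidate(); // discard the pre-login session ID
            request.getSession(true).setAttribute("user", "admin");
            response.sendRedirect(request.getContextPath() + "/Admin"); // GET, no credentials
        } else {
            response.sendRedirect(request.getContextPath() + "/index.html");
        }
    }
    // PBKDF2 hash of the submitted password, compared in constant time.
    private boolean matches(String password) throws ServletException {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(actual, expectedHash);
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }
    @Override public void destroy() { }
}
```

Because a successful login is answered with a redirect to a plain GET of /Admin, the existing doGet() in Admin.java serves the page unchanged.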