< Prev
Next >

User Authentication Filter

In this article, we are going to understand how to provide the mechanism of user-authentication by using Filters. For this, we are going to create a webpage which asks the user to enter his name and password in a form and click the submit button.

When details are entered, there will be a call to Servlet, but before this Servlet is executed, the filter associated with it will be executed and the initialization parameters of this filter(specified in the deployment descriptor file(web.xml) pointing to the correct username and password are checked against the entered username and password on the webpage.

If there is match of values, the servlet class is executed, otherwise it won't be executed. Hence, providing user authentication using Filters.

As you know that we can create a Filter class by implementing the Filter interface. With this Filter class, we can associate one or multiple initialization parameters and check their values against the user entered values for user authentication.

Methods of Filter interface

In order to create a filter class we must implement the three methods of javax.servlet.Filter interface.

Methods Description
void doInit(FilterConfig config) This method initializes the Filter.
void doFilter(ServletRequest request, ServletResponse, response, FilterChain chain) This method is called by the web container when a client requests for a web resource which could be a Servlet or a JSP page .
void destroy() This method destroys the Filter instance.

Creating a webpage which calls the Servlet

We are creating a webpage which asks the user to enter his name and password and click the submit button, This information will be matched against the username and password stored in and the initialization parameters of this filter (specified in the deployment descriptor file(web.xml).


<title> Filters Demo </title>


<b> Please enter your details :  </b>

<form action ="MyServ">
Name : <input type = "text"  name = "name" />
Password :<input type = "password"  name = "password"/>

<input type = "submit"  name = "submit" />


Creating Filter

We are creating a Filter by implementing the Filter interface and by implementing its three methods -

Within the doFilter(ServletRequest, ServletResponse, FilterChain) method, we must make a call to doFilter(request, response) method of FilterChain interface.

import java.io.*;
import javax.servlet.*;
import java.util.*;

public class MyFilter1 implements Filter
FilterConfig config; 

public void init(FilterConfig filterConfig) 
config = filterConfig;

public void destroy()

//This method is called each time a client requests for a web resource i.e. preprocessing request
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException
PrintWriter out = response.getWriter();

if(request.getParameter("username").equals(config.getInitParameter("username")) && request.getParameter("password"). equals(config.getInitParameter("password")))
out.println("Login success!");


//doFilter() calls the next filter in the chain or the requested web resource(if there is no more filter)

out.println("Login failed!");


//post-processing the request and after the requested web resource is called.
out.println("<b><i>Message of the day - Never give up!</i></b>");


MyServlet1.java is a Servlet class, which is executed after its associated filter is executed.

import java.io.*;
import javax.servlet.*;

public class MyServlet1 extends GenericServlet

public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException

PrintWriter out = response.getWriter();

out.println("You are logged into your account.");

Directory Structure of Servlet files

The diagram above depicts how to arrange the Servlet files in a specific directory structure, as per Java Servlet Specification-

Creating the Deployment Descriptor file

As per the Java Servlet specifications, every web application based on Servlet must have a Deployment Descriptor file(an XML file) named web.xml. So, let's create one and this time, associate our two filter classes with our Servlet class -

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"

  <display-name>Welcome tomcat</display-name>
     Welcome tomcat






In deployment descriptor file, The <filter> has two child tags <filter-name> and <filter-class>.

We have also specified three initialization parameters specific to our Filter using <init-param> tag. This tag has two child tags <param-name> and <param-value> :

<servlet> has two child tags <servlet-name> and <servlet-class> :


Setting the classpath

Much of the support for developing the web applications based on the Java Servlet technology does not come with the core Java. Hence, in order to compile the Servlet programs, we have to set the classpath to a jar file named servlet-api.jar.

This jar file provides all the classes that are required for the Servlet programming and it comes within the lib Folder of Tomcat installation folder.

For example, in our case we have installed Tomcat Web Server within the C: Drive, hence the path to our lib folder containing the servlet-api.jar is - C:\apache-tomcat-9.0.2\lib

There are two ways to set the classpath -

Compiling the Servlet class

After setting the classpath, you need to compile the filter and the Servlet class by entering the command at the folder where you've stored the Servlet class file.

javac -d WEB-INF/classes MyFilter1.java

javac -d WEB-INF/classes MyServlet1.java

Executing the Servlet

First we execute the webpage which asks the user to enter his name and password and click the submit button,

Hence, if there is a match of values then the user is presented with the following messages on the window.

But, if there is a mismatch of values then the user is presented with the following messages on the window.

Please share this article -

Facebook Google Pinterest Reddit Tumblr Twitter

< Prev
Next >
< Filters Init Parameters
Listener >

Please Subscribe

Please subscribe to our social media channels for daily updates.

Decodejava Facebook Page  DecodeJava Twitter Page Decodejava Google+ Page