Advertisement



< Prev
Next >



User Authentication Filter



In this article, we are going to understand how to provide the mechanism of user-authentication by using Filters. For this, we are going to create a webpage which asks the user to enter his name and password in a form and click the submit button.

When details are entered, there will be a call to Servlet, but before this Servlet is executed, the filter associated with it will be executed and the initialization parameters of this filter(specified in the deployment descriptor file(web.xml) pointing to the correct username and password are checked against the entered username and password on the webpage.

If there is match of values, the servlet class is executed, otherwise it won't be executed. Hence, providing user authentication using Filters.

As you know that we can create a Filter class by implementing the Filter interface. With this Filter class, we can associate one or multiple initialization parameters and check their values against the user entered values for user authentication.




Methods of Filter interface


In order to create a filter class we must implement the three methods of javax.servlet.Filter interface.

Methods Description
void doInit(FilterConfig config) This method initializes the Filter.
void doFilter(ServletRequest request, ServletResponse, response, FilterChain chain) This method is called by the web container when a client requests for a web resource which could be a Servlet or a JSP page .
void destroy() This method destroys the Filter instance.





Creating a webpage which calls the Servlet


We are creating a webpage which asks the user to enter his name and password and click the submit button, This information will be matched against the username and password stored in and the initialization parameters of this filter (specified in the deployment descriptor file(web.xml).


Webpage1.jsp
<html>

<head>
<title> Filters Demo </title>
</head>


<body>

<b> Please enter your details :  </b>
<br/>
<br/>
<br/>

<form action ="MyServ">
Name : <input type = "text"  name = "name" />
Password :<input type = "password"  name = "password"/>

<input type = "submit"  name = "submit" />
</form>

</body>
</html>



Advertisement




Creating Filter


We are creating a Filter by implementing the Filter interface and by implementing its three methods -


Within the doFilter(ServletRequest, ServletResponse, FilterChain) method, we must make a call to doFilter(request, response) method of FilterChain interface.


MyFilter1.java
import java.io.*;
import javax.servlet.*;
import java.util.*;



public class MyFilter1 implements Filter
{
FilterConfig config; 

public void init(FilterConfig filterConfig) 
{
config = filterConfig;
}

public void destroy()
{
}


//This method is called each time a client requests for a web resource i.e. preprocessing request
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();


if(request.getParameter("username").equals(config.getInitParameter("username")) && request.getParameter("password"). equals(config.getInitParameter("password")))
{
out.println("Login success!");

out.println("<br/>");
out.println("<br/>");
out.println("<br/>");


//doFilter() calls the next filter in the chain or the requested web resource(if there is no more filter)
chain.doFilter(request,response);

}
else
{
out.println("Login failed!");
}


out.println("<br/>");
out.println("<br/>");
out.println("<br/>");


//post-processing the request and after the requested web resource is called.
out.println("<b><i>Message of the day - Never give up!</i></b>");

}
}






MyServlet1.java is a Servlet class, which is executed after its associated filter is executed.

MyServlet1.java
import java.io.*;
import javax.servlet.*;

public class MyServlet1 extends GenericServlet
{


public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException
{

response.setContentType("text/html");
PrintWriter out = response.getWriter();

out.println("You are logged into your account.");
}
}






Directory Structure of Servlet files




The diagram above depicts how to arrange the Servlet files in a specific directory structure, as per Java Servlet Specification-






Creating the Deployment Descriptor file


As per the Java Servlet specifications, every web application based on Servlet must have a Deployment Descriptor file(an XML file) named web.xml. So, let's create one and this time, associate our two filter classes with our Servlet class -


web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
  version="4.0"
  metadata-complete="true">

  <display-name>Welcome tomcat</display-name>
  <description>
     Welcome tomcat
  </description>

  
<filter>
 	<filter-name>Filter1</filter-name>
	<filter-class>MyFilter1</filter-class>
	<init-param>
		<param-name>username</param-name>
		<param-value>scott</param-value>
	</init-param>
	<init-param>
		<param-name>password</param-name>
		<param-value>tiger</param-value>
	</init-param>
</filter>



<filter-mapping>
	<filter-name>Filter1</filter-name>
	<url-pattern>/MyServ</url-pattern>
</filter-mapping>




<servlet>
 	<servlet-name>Servlet</servlet-name>
	<servlet-class>MyServlet1</servlet-class>
</servlet>

<servlet-mapping>
	<servlet-name>Servlet</servlet-name>
	<url-pattern>/MyServ</url-pattern>
</servlet-mapping>

</web-app>


In deployment descriptor file, The <filter> has two child tags <filter-name> and <filter-class>.




We have also specified three initialization parameters specific to our Filter using <init-param> tag. This tag has two child tags <param-name> and <param-value> :




<servlet> has two child tags <servlet-name> and <servlet-class> :








Note







Setting the classpath


Much of the support for developing the web applications based on the Java Servlet technology does not come with the core Java. Hence, in order to compile the Servlet programs, we have to set the classpath to a jar file named servlet-api.jar.

This jar file provides all the classes that are required for the Servlet programming and it comes within the lib Folder of Tomcat installation folder.

For example, in our case we have installed Tomcat Web Server within the C: Drive, hence the path to our lib folder containing the servlet-api.jar is - C:\apache-tomcat-9.0.2\lib

There are two ways to set the classpath -




Compiling the Servlet class


After setting the classpath, you need to compile the filter and the Servlet class by entering the command at the folder where you've stored the Servlet class file.

javac -d WEB-INF/classes MyFilter1.java


javac -d WEB-INF/classes MyServlet1.java





Executing the Servlet


First we execute the webpage which asks the user to enter his name and password and click the submit button,





Hence, if there is a match of values then the user is presented with the following messages on the window.




But, if there is a mismatch of values then the user is presented with the following messages on the window.







Please share this article -




< Prev
Next >
< Filters Init Parameters
Listener >



Advertisement

Please Subscribe

Please subscribe to our social media channels for daily updates.


Decodejava Facebook Page  DecodeJava Twitter Page Decodejava Google+ Page




Advertisement

Notifications



Please check our latest addition

PYTHON


Advertisement