
Verifying User Identity Programmatically

When you need to access security information from code, a good technique is to use the HttpServletRequest interface, which provides methods that return security information about the component's caller. These methods let you control access to protected resources programmatically. The following table describes these methods.

| Method | Description |
|---|---|
| String getRemoteUser() | Returns the username with which the client authenticated, or null. |
| boolean isUserInRole(String role) | Returns a Boolean value indicating whether the remote user is in a specific security role. |
| String getAuthType() | Returns the name of the authentication scheme used to protect the servlet. |
| Principal getUserPrincipal() | Returns a java.security.Principal object containing the name of the current authenticated user. |
| String getScheme() | Returns the name of the scheme used to make this request; for example, http, https, or ftp. |

All these methods are exemplified in the start.jsp page and in the SecureServlet servlet. You probably will call these methods from a servlet filter, which may be responsible for handling authorization (a filter may act as a gateway to your protected resources). Using a servlet filter provides at least two advantages: you don't need to include security "chunks" in your servlets, and you can add or remove a filter without modifying the rest of the application.
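The gateway filter described above could look like the following. This is an added example, not code from the article or its start.jsp/SecureServlet samples; the class name RoleGateFilter and the requiredRole init-param are assumptions, and it assumes the container has already authenticated the caller through a login configuration in web.xml.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not from the article): a gateway in front of protected resources.
public class RoleGateFilter implements Filter {

    // Assumed init-param; the role name must match a security role known to the container.
    private String requiredRole;

    @Override
    public void init(FilterConfig config) throws ServletException {
        requiredRole = config.getInitParameter("requiredRole");
        if (requiredRole == null || requiredRole.isEmpty()) {
            // Fail closed at deployment time instead of letting every request through.
            throw new ServletException("requiredRole init-param is missing");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        Principal user = request.getUserPrincipal();

        if (!"https".equals(request.getScheme())) {
            // Credentials and session cookies must not travel over plain HTTP.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
        } else if (user == null || request.getAuthType() == null) {
            // The container did not authenticate this caller.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else if (!request.isUserInRole(requiredRole)) {
            // Authenticated, but not authorized for this resource.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() { }
}
```

Behind a TLS-terminating proxy, getScheme() reports the scheme of the hop that reaches the container, so the HTTPS check only holds if the container is configured to see the original scheme.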
