Programmatic Security in JSP with an Example
In this article, I am going to discuss Programmatic Security in JSP with an Example. Please read our previous article where we discussed Form-Based Authentication in JSP Applications.
Programmatic Security in JSP
The HttpServletRequest object provides the following programmatic security methods for servlets and JSPs:
- getAuthType(): Returns the name of the authentication scheme used to protect the servlet.
- isUserInRole(java.lang.String role): Returns true if the user is in the given role; otherwise it returns false.
- getProtocol(): Returns the protocol used to send the request.
- isSecure(): Returns true if the request was made using HTTPS; otherwise it returns false.
- getUserPrincipal(): Returns a java.security.Principal object that contains the name of the currently authenticated user.
Example: Programmatic Security in JSP
In this example, we create a JSP file, Secured.jsp, that shows the username and role of the logged-in user.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" id="WebApp_ID" version="4.0">
<display-name>JSPDemo</display-name>
<welcome-file-list>
<welcome-file>Secured.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Private Resource
</web-resource-name>
<url-pattern>/Secured.jsp</url-pattern>
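<!-- No <http-method> element here, so the constraint covers every HTTP method (listing only POST would leave GET requests to this page unprotected) -->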
</web-resource-collection>
<auth-constraint>
<description>
</description>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/failure.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<form name="logonform" action="j_security_check" method="POST">
Username: <input type="text" name="j_username"/>
<br/>
Password:<input type="password" name="j_password"/>
<br/>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title>Authentication Failure </title>
</head>
<body>
<h4>
Access Denied !!
</h4>
</body>
</html>
Secured.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title> Secured JSP </title>
</head>
<body>
<h4>
Secured JSP
</h4>
Username :: <%= request.getRemoteUser() %>
<br/>
Authentication Mechanism :: <%= request.getAuthType() %>
<br/>
<br/>
Does the user belong to role "tomcat"? <%= request.isUserInRole("tomcat") %>
<br/>
Does the user belong to role "role1"? <%= request.isUserInRole("role1") %>
</body>
</html>
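The same HttpServletRequest methods can also enforce access rather than only display it. The filter below is an added example, not part of the original tutorial's project: the class name AdminOnlyFilter is hypothetical, and it assumes the javax.servlet 4.0 API, the /Secured.jsp path and the admin role from the web.xml above.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not part of the tutorial's project).
// Assumes the javax.servlet 4.0 API, matching the web.xml version above.
@WebFilter("/Secured.jsp")
public class AdminOnlyFilter extends HttpFilter {

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res,
                            FilterChain chain) throws IOException, ServletException {

        // isSecure(): do not serve the protected page over plain HTTP.
        if (!req.isSecure()) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }

        // getUserPrincipal() returns null when the request is unauthenticated,
        // so check it before calling getName().
        Principal user = req.getUserPrincipal();
        if (user == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // isUserInRole(): being authenticated is not the same as being authorized.
        if (!req.isUserInRole("admin")) {
            // Strip CR/LF so the user name cannot forge extra log lines.
            String name = user.getName().replaceAll("[\\r\\n]", "_");
            getServletContext().log("Denied " + req.getMethod() + " "
                    + req.getRequestURI() + " for user " + name
                    + " (auth=" + req.getAuthType() + ")");
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        chain.doFilter(req, res);
    }
}
```

Behind a TLS-terminating proxy, isSecure() reflects the proxy-to-container connection unless the container is configured to trust the forwarded scheme.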
Output
Run Secured.jsp and log in with the credentials of a user in the admin role, since the page is restricted to that role. You will get the following output:

In the next article, I am going to discuss Token Based Authentication in JSP Applications with an Example. In this article, I tried to explain Programmatic Security in JSP Applications with an Example, and I hope you enjoyed it.

