Programmatic Security in JSP

Programmatic Security in JSP with an Example

In this article, I am going to discuss Programmatic Security in JSP with an Example. Please read our previous article where we discussed Form-Based Authentication in JSP Applications.

Programmatic Security in JSP

The HttpServletRequest object provides the following programmatic security methods to servlets and JSPs:

  1. getAuthType(): Returns the name of the authentication scheme used to protect the servlet.
  2. isUserInRole(java.lang.String role): Returns true if the user is in the given role; otherwise it returns false.
  3. getProtocol(): Returns the protocol used to send the request.
  4. isSecure(): Returns true if the request was made using HTTPS; otherwise it returns false.
  5. getUserPrincipal(): Returns a java.security.Principal object that contains the name of the current authenticated user.
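
The methods above only report facts about the request. The following added example (not code from this article) uses them to enforce an access decision in a servlet filter. The class name, the /admin/* mapping, and the assumption that a security-constraint already forces login for those URLs are illustrative.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not the article's code. The class name and the /admin/* mapping
// are assumptions; "admin" is the role declared in the article's web.xml.
@WebFilter("/admin/*")
public class AdminOnlyFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // isSecure(): reject requests that did not arrive over HTTPS.
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // getUserPrincipal(): null means the container has not authenticated the caller.
        Principal user = request.getUserPrincipal();
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // isUserInRole(): the authorization decision, made in code.
        if (!request.isUserInRole("admin")) {
            // Strip CR/LF so the user name cannot forge extra log lines.
            String name = user.getName().replaceAll("[\\r\\n]", "_");
            request.getServletContext().log("Denied " + name + " (auth type "
                    + request.getAuthType() + ") for " + request.getRequestURI());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Behind a TLS-terminating proxy, isSecure() describes the proxy-to-container hop unless the container is configured to trust the forwarded scheme.
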
Example: Programmatic Security in JSP

In this example, we create a JSP file, Secured.jsp, that shows the username and role of the logged-in user.

web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" id="WebApp_ID" version="4.0">
  <display-name>JSPDemo</display-name>
  <welcome-file-list>
    <welcome-file>Secured.jsp</welcome-file>

  </welcome-file-list>
<security-constraint>
  <web-resource-collection>
  <web-resource-name>
     Private Resource
  </web-resource-name>
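  <url-pattern>/Secured.jsp</url-pattern>
  <!-- No <http-method> element: the constraint applies to every HTTP method.
       Listing only POST would leave GET requests to Secured.jsp unprotected. -->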
  </web-resource-collection>
  <auth-constraint>
    <description>
    </description>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>admin</role-name>
</security-role>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/failure.jsp</form-error-page>
  </form-login-config>
</login-config>
</web-app>
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
  <head>
    <title>Login Form</title>
  </head>
  <body>
    <form name="logonform" action="j_security_check" method="POST">
      Username: <input type="text" name="j_username"/>
      <br/>
      Password:<input type="password" name="j_password"/>
      <br/>
      <input type="submit" value="Submit"/>
    </form>
  </body>
</html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
    <head>
      <title>Authentication Failure </title>
    </head>
    <body>
      <h4>
        Access Denied !!
      </h4>
    </body>
</html>
Secured.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
  <head>
    <title> Secured JSP </title>
  </head>
  <body>
    <h4>
     Secured JSP
    </h4>
    Username :: <%= request.getRemoteUser() %>
    <br/>
    Authentication Mechanism :: <%= request.getAuthType() %>
    <br/>
    <br/>
    Does the user belong to role "tomcat"? <%= request.isUserInRole("tomcat") %>
    <br/>
    Does the user belong to role "role1"? <%= request.isUserInRole("role1") %>
  </body>
</html>
Output

Run Secured.jsp and enter admin credentials, since we configured it for the admin role. You will get the following output:

[Image: Programmatic Security in JSP Application with an Example]

In the next article, I am going to discuss Token Based Authentication in JSP Applications with an Example. Here, in this article, I have tried to explain Programmatic Security in JSP Applications with an Example, and I hope you enjoy this Programmatic Security in JSP article.
