Authenticator Class

Implementations of this class are used to parse credentials and authenticate client requests. Implementations of this class are typically instantiated within a servlet constructor and assigned to the servlet via the setAuthenticator() method. Once an Authenticator is defined, several security-related methods will be available via the HttpServletRequest object (e.g. getCredentials(), getUserPrincipal(), authenticate(), etc).


There are no constructors. You can call the methods directly.


authenticate( ) returns void
Used to authenticate a client request. If the Authenticator fails to authenticate the client, this method throws a ServletException.
getAuthType( ) returns String
Returns the authentication scheme used to authenticate clients (e.g. "BASIC", "DIGEST", "CLIENT_CERT", etc).
getCredentials( ) returns String[]
Returns an array representing the client credentials associated with this request. The first element in the array represents the username and the second element represents the password. Client credentials may be found in the "Authorization" request header, in a client certificate, etc. Implementations of this class must communicate the authentication scheme via the getAuthType() method. If the Authenticator fails to parse the credentials, this method returns a null.
getPrinciple( ) returns
Returns a object containing the name of a given user. If the user has not been authenticated, the method returns a null.
isUserInRole( String role ) returns boolean
Returns a boolean indicating whether a user is included in the specified "role". Roles and role membership are often managed by instances of this class using deployment descriptors. If the user is not authenticated, or if no role is defined for the user, the method returns false.
newInstance( javaxt.http.servlet.HttpServletRequest request ) returns javaxt.http.servlet.Authenticator
Returns a new instance of an Authenticator used to authenticate requests. This method is called with each new http request.