Java.net.Authenticator class in Java
Last Updated :
12 Jan, 2022
Authenticator class is used in those cases where an authentication is required to visit some URL. Once it is known that authentication is required, it prompts the user for the same or uses some hard-coded username and password.
To use this class, following steps are followed-
Create a class that extends the Authenticator. Lets name it customAuth.- Override the getPasswordAuthentication() method. This method contains several methods for getting the details of the entity requesting for authentication. All those methods are discussed in detail later.
- Set the newly created subclass as the default authenticator to be used when a http server asks for authentication, with setDefault(Authenticator a) method of Authenticator class.
- setDefault(Authenticator a) : Sets the authenticator to be used when a HTTP server requires authentication.
Syntax : public static void setDefault(Authenticator a)
throws SecurityException
Parameter :
a : authenticator to be set as default
Throws :
SecurityException : if security manager doesn't allow
setting default authenticator
- requestPasswordAuthentication() : Asks the authenticator registered with the system for password. Returns username/password or null if not found.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)
Parameter :
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
Another overloaded method which can be used in situations where hostname can be used if inetaddress is not available.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
String host,
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)
Parameter :
host : hostname of the site asking for authentication
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
Another overloaded method which can be used if URL of the site requesting authentication is only known and not inetaddress and hostname.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
String host,
InetAddress addr,
int port,
String protocol,
String prompt,
URL url,
String scheme)
Parameter :
host : hostname of the site asking for authentication
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
url : URL of the site requesting authentication
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
- getRequestingHost() : returns the hostname of the site requesting authentication.
Syntax : protected final String getRequestingHost()
- getRequestingSite() : returns the inetaddress of the site requesting authentication.
Syntax : protected final InetAddress getRequestingSite()
- getRequestingPort() : returns the port of connection.
Syntax : protected final int getRequestingPort()
- getRequestingProtocol() : returns the protocol requesting the connection.
Syntax : protected final String getRequestingProtocol()
- getRequestingPrompt() : returns the message prompted by requester.
Syntax : protected final String getRequestingPrompt()
- getRequestingScheme() : returns the scheme of the of requesting site.
Syntax : protected final String getRequestingScheme()
- getPasswordAuthentication() : this method is called when password authentication is required. All subclasses must override this method as default method always returns null.
Syntax : protected PasswordAuthentication getPasswordAuthentication()
- getRequestingURL() : returns the url of the requester.
Syntax : protected final URL getRequestingURL()
- getRequestorType() : returns if the requestor is proxy or server.
Syntax : protected Authenticator.RequestorType getRequestorType()
Similar Reads
Java.net.HttpCookie in Java
Prerequisite - CookiesMany websites use small strings of text known as cookies to store persistent client-side state between connections. Cookies are passed from server to client and back again in the HTTP headers of requests and responses. Cookies can be used by a server to indicate session IDs, sh
8 min read
Spring Security with LDAP Authentication
LDAP (Lightweight Directory Access Protocol) is widely used for identity and access management. It organizes data in a hierarchical structure, optimized for read-heavy operations. LDAP is advantageous due to its scalability and interoperability. In this article, we will create a simple authenticatio
7 min read
Spring Security - Basic Authentication
Spring Security is a framework that allows a programmer to use JEE (Java Enterprise Edition) components to set security limitations on Spring Framework-based web applications. As a core part of the Spring ecosystem, it’s a library that can be utilized and customized to suit the demands of the progra
6 min read
Spring Security - Two Factor Authentication
Two-factor authentication (2FA) is a security method that requires users to provide two forms of authentication to access their accounts. These forms of authentication typically include something the user knows (such as a password or PIN) and something the user has (such as a mobile device or hardwa
10 min read
Spring Webflux Websocket Security - Basic Authentication
Spring WebFlux WebSockets, the authentication data that was included in the HTTP request at the time the WebSocket connection was established is reused. This indicates that WebSockets will receive the Principal on the HttpServletRequest. The Principal on the HttpServletRequest is automatically overr
5 min read
Reactive JWT Authentication Using Spring WebFlux
JSON Web Token (JWT) authentication is a popular method for securing APIs in microservices architectures. With Spring WebFlux, the reactive web framework, we can create highly scalable and responsive applications. In this article, we will guide you on how to implement JWT authentication in a reactiv
8 min read
Spring Security - Form-Based Authentication
Form-Based Authentication in Spring Security provides a secure way to authenticate users using a custom login form instead of the default security prompt. It allows better control over authentication flow, user experience, and security configurations. Key Features:Customizable login and logout mecha
5 min read
Spring Security - Role Based Authentication
Authentication is when anyone wants to access your Rest API they need some Authorization like a Username, Password, and token kind of. So Spring Boot Security has a Spring Boot 6.2.0 version. In the lower version Some Methods are deprecated in spring Security that's why a new thing comes into the pi
4 min read
Spring Boot - OAuth2 Authentication and Authorization
OAuth2 is a widely-used protocol for authorization that enables applications to securely access resources on behalf of users. When combined with Spring Boot, OAuth2 facilitates authentication and authorization for both REST APIs and web applications. This article will walk you through setting up OAu
7 min read
Spring Security Custom AuthenticationFailureHandler
In Java, Spring Security is a very powerful framework that can provide comprehensive security services for Java enterprise software applications. One of the essential aspects of the security is authentication and it can be users are verified before granting access to the resource. Spring Security ca
6 min read