Java.net.Authenticator class in Java
Last Updated :
12 Jan, 2022
Authenticator class is used in those cases where an authentication is required to visit some URL. Once it is known that authentication is required, it prompts the user for the same or uses some hard-coded username and password.
To use this class, following steps are followed-
Create a class that extends the Authenticator. Lets name it customAuth.- Override the getPasswordAuthentication() method. This method contains several methods for getting the details of the entity requesting for authentication. All those methods are discussed in detail later.
- Set the newly created subclass as the default authenticator to be used when a http server asks for authentication, with setDefault(Authenticator a) method of Authenticator class.
- setDefault(Authenticator a) : Sets the authenticator to be used when a HTTP server requires authentication.
Syntax : public static void setDefault(Authenticator a)
throws SecurityException
Parameter :
a : authenticator to be set as default
Throws :
SecurityException : if security manager doesn't allow
setting default authenticator
- requestPasswordAuthentication() : Asks the authenticator registered with the system for password. Returns username/password or null if not found.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)
Parameter :
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
Another overloaded method which can be used in situations where hostname can be used if inetaddress is not available.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
String host,
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)
Parameter :
host : hostname of the site asking for authentication
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
Another overloaded method which can be used if URL of the site requesting authentication is only known and not inetaddress and hostname.
Syntax :
public static PasswordAuthentication requestPasswordAuthentication(
String host,
InetAddress addr,
int port,
String protocol,
String prompt,
URL url,
String scheme)
Parameter :
host : hostname of the site asking for authentication
addr : Inet address of the site asking for authentication
port : port of requesting site
protocol : protocol used for connection
prompt : message for the user
url : URL of the site requesting authentication
scheme : authentication scheme
Throws :
SecurityException : if security manager doesn't allow
setting password authentication.
- getRequestingHost() : returns the hostname of the site requesting authentication.
Syntax : protected final String getRequestingHost()
- getRequestingSite() : returns the inetaddress of the site requesting authentication.
Syntax : protected final InetAddress getRequestingSite()
- getRequestingPort() : returns the port of connection.
Syntax : protected final int getRequestingPort()
- getRequestingProtocol() : returns the protocol requesting the connection.
Syntax : protected final String getRequestingProtocol()
- getRequestingPrompt() : returns the message prompted by requester.
Syntax : protected final String getRequestingPrompt()
- getRequestingScheme() : returns the scheme of the of requesting site.
Syntax : protected final String getRequestingScheme()
- getPasswordAuthentication() : this method is called when password authentication is required. All subclasses must override this method as default method always returns null.
Syntax : protected PasswordAuthentication getPasswordAuthentication()
- getRequestingURL() : returns the url of the requester.
Syntax : protected final URL getRequestingURL()
- getRequestorType() : returns if the requestor is proxy or server.
Syntax : protected Authenticator.RequestorType getRequestorType()
Similar Reads
Spring Security with LDAP Authentication LDAP (Lightweight Directory Access Protocol) is widely used for identity and access management. It organizes data in a hierarchical structure, optimized for read-heavy operations. LDAP is advantageous due to its scalability and interoperability. In this article, we will create a simple authenticatio
7 min read
Spring Security - Basic Authentication Spring Security is a framework that allows a programmer to use JEE (Java Enterprise Edition) components to set security limitations on Spring Framework-based web applications. As a core part of the Spring ecosystem, it’s a library that can be utilized and customized to suit the demands of the progra
6 min read
Spring Security - Two Factor Authentication Two-factor authentication (2FA) is a security method that requires users to provide two forms of authentication to access their accounts. These forms of authentication typically include something the user knows (such as a password or PIN) and something the user has (such as a mobile device or hardwa
10 min read
Spring Security - Form-Based Authentication Form-Based Authentication in Spring Security provides a secure way to authenticate users using a custom login form instead of the default security prompt. It allows better control over authentication flow, user experience, and security configurations. Key Features:Customizable login and logout mecha
5 min read
Spring Security Custom AuthenticationFailureHandler In Java, Spring Security is a very powerful framework that can provide comprehensive security services for Java enterprise software applications. One of the essential aspects of the security is authentication and it can be users are verified before granting access to the resource. Spring Security ca
6 min read
Spring Security – Customizing Authentication and Authorization Spring Security is the powerful and customizable framework that provides the authentication, authorization, and other security features for the Java applications, especially the Spring-based ones. When building secure applications, controlling access to resources is important. Customizing authorizat
7 min read