12.6. Servlet API Integration
PicketLink provides seamless integration with the Java Servlet API. As you might know, the Servlet API provides some useful methods to authenticate a user, log the user out and check the user's roles. This is usually done by invoking specific methods on the HttpServletRequest.
For example, let's say you want to authenticate a user with a username and password. The Servlet API provides a specific method that you can use as follows:
HttpServletRequest request = // get request
request.login("john", "password");
Once the user is authenticated, you are able to get the principal from the request as follows:
Principal principal = request.getUserPrincipal();
The same applies to logout. You can log a user out by calling:
request.logout();
The Servlet API also provides a method to check a user's roles:
request.isUserInRole("Administrator");
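The four calls above combined in one request handler, with the failure paths handled. This is an added example, not code from the PicketLink documentation; the servlet class name, URL pattern and request parameter names are assumptions, and only standard `javax.servlet` calls are used.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: class name, URL pattern and parameter names are assumptions.
@WebServlet("/admin-session")
public class AdminSessionServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if ("logout".equals(request.getParameter("action"))) {
            request.logout();                        // clears the authenticated identity
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();                // drop server-side session state as well
            }
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }

        try {
            // Per the Servlet API, login() throws ServletException when validation fails
            // or when a caller identity was already established for this request.
            request.login(request.getParameter("username"), request.getParameter("password"));
        } catch (ServletException e) {
            // One generic answer, so the response does not reveal which field was wrong.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed");
            return;
        }

        if (!request.isUserInRole("Administrator")) {
            request.logout();                        // authenticated but not authorized here
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        Principal principal = request.getUserPrincipal();
        response.setContentType("text/plain");
        response.getWriter().println("Signed in as " + principal.getName());
    }
}
```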