A Servlet Authentication Filter is a servlet filter that verifies whether a user is authorized before allowing access to a servlet or web resource. It intercepts incoming requests, checks the user's credentials (such as username or password), and either forwards the request to the target servlet or blocks access if authentication fails.
- Intercepts client requests before they reach the servlet.
- Verifies user credentials before granting access.
- Prevents unauthorized users from accessing protected resources.
Importance of Authentication Filter
- Improves application security by allowing only authenticated users to access protected resources.
- Centralizes authentication logic, eliminating the need to write login validation in every servlet.
- Enhances maintainability since authentication rules are managed in one place and can be updated easily.
Step-by-Step Implementation of Authentication Filter
Follow these steps to implement authentication using a Servlet Filter.
Step 1: Create a Dynamic Web Project
- Open Eclipse IDE or STS.
- Create a Dynamic Web Project.
- Name the project ServletAuthenticationFilter.
Step 2: Create HTML Login Page (index.html)
- Create a login form to collect the username and password from the user.
- When the user clicks Login, the request is sent to the servlet, where the authentication filter checks the password before allowing access.
File: index.html
<form action = "servlet1">
Name: < input type = "text" name = "name" / > < br / > < br / >
Password: < input type = "password" name = "password" / > < br / > < br / >
<input type = "submit" value = "login">
< / form >
Step 3: Create Authentication Filter (ServletFilter.java)
- Create a filter that intercepts every request to the servlet. It checks whether the entered password is geeksforgeeks.
- If the password is correct, the request is forwarded to the servlet; otherwise, an error message is displayed and the login page is shown again.
// Importing required classes
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.*;
// Class
// Implementing Filter class
public class ServletFilter implements Filter {
public void init(FilterConfig arg0)
throws ServletException
{
}
public void doFilter(ServletRequest req,
ServletResponse resp,
FilterChain chain)
throws IOException, ServletException
{
PrintWriter out = resp.getWriter();
String password = req.getParameter("password");
if (password.equals("geeksforgeeks")) {
// Sending request to next
chain.doFilter(req, resp);
}
// Password incorrect
else {
out.print("username or password is wrong");
RequestDispatcher rd
= req.getRequestDispatcher("index.html");
rd.include(req, resp);
}
}
public void destroy() {}
}
Step 4: Create the Servlet (GFG.java)
- Create a servlet that handles authenticated requests.
- This servlet executes only after the filter successfully validates the user's password and displays a welcome message.
// Importing required classes
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Class
// Derived from HttpServlet class
public class GFG extends HttpServlet {
// Getting request response
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.print("welcome to GEEKSFORGEEKS");
// Closing connections to
// avoid any memory leakage
out.close();
}
}
Step 5: Configure web.xml
- Configure the servlet and filter mappings in the web.xml file.
- The filter is mapped to the servlet URL so that every request passes through the authentication filter before reaching the servlet..
File: web.xml
<web-app>
<servlet>
<servlet-name>Gfg</servlet-name>
<servlet-class>Gfg</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Gfg</servlet-name>
<url-pattern>/servlet1</url-pattern>
</servlet-mapping>
<filter>
<filter-name>f1</filter-name>
<filter-class>ServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>f1</filter-name>
<url-pattern>/servlet1</url-pattern>
</filter-mapping>
</web-app>
Step 6: Run the Application
- Right-click the project.
- Select Run As -> Run on Server.
- Choose Apache Tomcat Server.
- Open the browser and run:
http://localhost:8080/ServletAuthenticationFilter/index.html
Output:

Click on the login button, if the password is correct then the above message will be shown to the user.

Advantages of Authentication Filter
- Prevents unauthorized access to web resources.
- Reuses the same authentication logic across multiple servlets.
- Reduces duplicate authentication code.
- Executes before the target servlet, saving server resources by blocking invalid requests early.
- Can be combined with logging, authorization, and session validation for better security.
- Makes applications easier to maintain and extend.