Supporting multiple authentication types

The gw.servlet.ServletUtils class provides methods that support testing for existing authenticated sessions. A typical design pattern is to first call the getAuthenticatedUser method to test whether there is an existing session token that represents valid credentials. If the getAuthenticatedUser method returns null, you can attempt to use HTTP basic authentication by calling the method getBasicAuthenticatedUser.

In a single sign-on environment, you get the user from the current HTTP session before calling login. If the session does not have a valid service token, you do HTTP basic authentication. Performing calls in this order ensures that you use existing single sign-on credentials and do not terminate an existing active session or cause a user to log in multiple times.
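The call order described above, sketched as a Gosu servlet that fails closed when neither method yields a user. This is an added example, not code from the product documentation. The package, class name, servlet path and realm string are hypothetical, and the argument lists of getAuthenticatedUser and getBasicAuthenticatedUser are assumptions to check against your release's API reference.

```gosu
package example.auth  // hypothetical package name

uses gw.servlet.Servlet
uses gw.servlet.ServletUtils
uses javax.servlet.http.HttpServlet
uses javax.servlet.http.HttpServletRequest
uses javax.servlet.http.HttpServletResponse

// Hypothetical servlet; the "/example" path is chosen only for illustration.
@Servlet(\ path : String -> path.matches("/example(/.*)?"))
class ExampleAuthServlet extends HttpServlet {

  override function service(req : HttpServletRequest, resp : HttpServletResponse) {
    // Step 1: look for an existing session token first, so that single
    // sign-on credentials are reused and no active session is replaced.
    // Assumption: the method takes the request plus a boolean flag.
    var user = ServletUtils.getAuthenticatedUser(req, true)

    // Step 2: only when there is no valid session, try HTTP basic.
    if (user == null) {
      try {
        // Assumption: the method takes only the request.
        user = ServletUtils.getBasicAuthenticatedUser(req)
      } catch (e : Exception) {
        // Assumption: rejected credentials may surface as an exception.
        // Treat any failure as "not authenticated", never as success.
        user = null
      }
    }

    // Step 3: fail closed. Without a user, answer 401 and return before
    // any business logic runs.
    if (user == null) {
      resp.setHeader("WWW-Authenticate", "Basic realm=\"example\"")
      resp.sendError(HttpServletResponse.SC_UNAUTHORIZED)
      return
    }

    // Authenticated request handling starts here.
    resp.setContentType("text/plain")
    resp.getWriter().append("authenticated")
  }
}
```

Because HTTP basic sends the password with every request, expose a servlet like this only over TLS.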