ServletUtils authentication methods

PolicyCenter includes a utility class gw.servlet.ServletUtils that you can use in your servlet to enforce authentication. The three methods in the ServletUtils class each correspond to a different source of authentication credentials. The following table summarizes each ServletUtils method. In all cases, the first argument is a standard Java HttpServletRequest object, which is an argument to your main servlet method service or a REST method such as doGet.

Source of credentials: Existing PolicyCenter session

ServletUtils method name: getAuthenticatedUser

Description:

If this servlet shares an application context with a running Guidewire application, there may be an active session token. If a user is currently logged in to PolicyCenter, this method returns the associated User object.

Always check the return value. The method returns null if authentication failed. Reasons for authentication failure include:

  • There is no active authenticated session with correct credentials.
  • The user exited the application.
  • The session ID is not stored on the client.
  • The session ServiceToken timeout has expired.

Method arguments:

  • HttpServletRequest object
  • A Boolean value that specifies whether to update the date and time of the session

Source of credentials: HTTP Basic authentication headers

ServletUtils method name: getBasicAuthenticatedUser

Description:

If there is no active session, you can use HTTP basic authentication. This method gets the appropriate HTTP headers for name and password and attempts to authenticate. You can use this type of authentication even if there is an active session. This method forces creation of a new session. The method gets the headers to find the user name and password and returns the associated User object.

Always check the return value. The method returns null if authentication failed.

For login problems, this method might throw the exception gw.api.webservice.exception.LoginException.

Method arguments:

  • HttpServletRequest object

Source of credentials: Arbitrary user name / password pair

ServletUtils method name: login

Description:

Use the login method to pass an arbitrary user and password as String values and authenticate with PolicyCenter. For example, you might use a corporate implementation of single sign-on (SSO) authentication that stores information in HTTP headers other than the HTTP basic headers. You can get the user name and password and call this method. This method forces creation of a new session.

In a single sign-on environment, get the current session before calling login. Then, if necessary, do HTTP basic authentication.

Always check the return value. The method returns null if authentication failed.

For login problems, this method might throw the exception gw.api.webservice.exception.LoginException.

Method arguments:

  • HttpServletRequest object
  • Username as a String
  • Password as a String
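
The following Gosu servlet is an added example, not code from the original page or from Guidewire. It shows the session-first, HTTP-Basic-second order with the null check and early return that the descriptions above call for. The package, class name, path pattern, and realm string are assumptions made for illustration, as is the use of the gw.servlet.Servlet annotation to declare the servlet path.

```gosu
package example.servlet  // hypothetical package name

uses gw.api.webservice.exception.LoginException
uses gw.servlet.Servlet
uses gw.servlet.ServletUtils
uses javax.servlet.http.HttpServlet
uses javax.servlet.http.HttpServletRequest
uses javax.servlet.http.HttpServletResponse

// Hypothetical servlet; the path pattern is an assumption for this example.
@Servlet(\ path : String -> path.matches("/example(/.*)?"))
class AuthenticatedExampleServlet extends HttpServlet {

  override function service(req : HttpServletRequest, resp : HttpServletResponse) {
    // 1. Reuse an existing PolicyCenter session if there is one.
    //    The second argument (true) updates the date and time of the session.
    var user = ServletUtils.getAuthenticatedUser(req, true)

    // 2. No usable session: fall back to the HTTP Basic headers.
    //    This call forces creation of a new session.
    if (user == null) {
      try {
        user = ServletUtils.getBasicAuthenticatedUser(req)
      } catch (e : LoginException) {
        user = null  // treat a login exception as a failed authentication
      }
    }

    // 3. Both sources failed: reject and return before any protected work.
    if (user == null) {
      resp.setHeader("WWW-Authenticate", "Basic realm=\"example\"")  // constructed realm
      resp.sendError(HttpServletResponse.SC_UNAUTHORIZED)
      return
    }

    // Only authenticated requests reach this point.
    resp.ContentType = "text/plain"
    resp.setStatus(HttpServletResponse.SC_OK)
    resp.Writer.append("Authenticated")
  }
}
```

Checking the session first avoids forcing a new session on every request, because getBasicAuthenticatedUser always creates one.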
