How do I log in to AWS from my web app using Eclipse JEE?

Question

I would like my web app to log in to AWS. I am using Eclipse JEE. The about box says:

Eclipse IDE for Enterprise Java Developers.

Version: 2019-03 (4.11.0)

Build id: 20190314-1200

I have the following code:

index.html:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Hello AWS Web World!</title>
<link rel="stylesheet" href="styles/styles.css" type="text/css"
    media="screen">
</head>
<body>
    
    <h1>Post</h1>
    <div>
        <form action="LoginServlet" method="post">
            Name:<input type="text" name="name"><br>
            Password:<input type="password" name="password"><br>
            <input type="submit" value="submit">
        </form>
    </div>

    <h1>Get</h1>
    <div>
        <form action="LoginServlet" method="get">
            Name:<input type="text" name="name"><br>
            Password:<input type="password" name="password"><br>
            <input type="submit" value="submit">
        </form>
    </div>

</body>
</html>

index.jsp

<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8" %>
<%@ page import="com.amazonaws.*" %>
<%@ page import="com.amazonaws.auth.*" %>
<%@ page import="com.amazonaws.auth.profile.*" %>
<%@ page import="com.amazonaws.services.ec2.*" %>
<%@ page import="com.amazonaws.services.ec2.model.*" %>
<%@ page import="com.amazonaws.services.s3.*" %>
<%@ page import="com.amazonaws.services.s3.model.*" %>
<%@ page import="com.amazonaws.services.dynamodbv2.*" %>
<%@ page import="com.amazonaws.services.dynamodbv2.model.*" %>

<%! // Share the client objects across threads to
    // avoid creating new clients for each web request
    private AmazonEC2         ec2;
    private AmazonS3           s3;
    private AmazonDynamoDB dynamo;
 %>

<%
    /*
     * AWS Elastic Beanstalk checks your application's health by periodically
     * sending an HTTP HEAD request to a resource in your application. By
     * default, this is the root or default resource in your application,
     * but can be configured for each environment.
     *
     * Here, we report success as long as the app server is up, but skip
     * generating the whole page since this is a HEAD request only. You
     * can employ more sophisticated health checks in your application.
     */
    if (request.getMethod().equals("HEAD")) return;
%>

<%
    if (ec2 == null) {
        AWSCredentialsProviderChain credentialsProvider = new AWSCredentialsProviderChain(
            new InstanceProfileCredentialsProvider(),
            new ProfileCredentialsProvider("default"));

        ec2    = new AmazonEC2Client(credentialsProvider);
        s3     = new AmazonS3Client(credentialsProvider);
        dynamo = new AmazonDynamoDBClient(credentialsProvider);
    }
%>

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8">
    <title>Hello AWS Web World!</title>
    <link rel="stylesheet" href="styles/styles.css" type="text/css" media="screen">
</head>
<body>
    <div id="content" class="container">
        <div class="section grid grid5 s3">
            <h2>Amazon S3 Buckets:</h2>
            <ul>
            <% for (Bucket bucket : s3.listBuckets()) { %>
               <li> <%= bucket.getName() %> </li>
            <% } %>
            </ul>
        </div>

        <div class="section grid grid5 sdb">
            <h2>Amazon DynamoDB Tables:</h2>
            <ul>
            <% for (String tableName : dynamo.listTables().getTableNames()) { %>
               <li> <%= tableName %></li>
            <% } %>
            </ul>
        </div>

        <div class="section grid grid5 gridlast ec2">
            <h2>Amazon EC2 Instances:</h2>
            <ul>
            <% for (Reservation reservation : ec2.describeInstances().getReservations()) { %>
                <% for (Instance instance : reservation.getInstances()) { %>
                   <li> <%= instance.getInstanceId() %></li>
                <% } %>
            <% } %>
            </ul>
        </div>
    </div>
</body>
</html>

LoginServlet.java

package package10_2;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet(name="LoginServlet", urlPatterns= {"/"})
public class LoginServlet extends HttpServlet {
    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        System.out.println("doPost");
    
        response.setContentType("text/html");
        PrintWriter out=response.getWriter();
        
        out.println("doPost");

        Boolean authenticated = request.authenticate(response);
        System.out.println("authenticated=" + authenticated);
        out.println("authenticated=" + authenticated);
        
        String authType = request.getAuthType();
        System.out.println("auth type =" + authType);
        out.println("auth type =" + authType);
        
        String remoteUser = request.getRemoteUser();
        System.out.println("remote user =" + remoteUser);
        out.println("remote user =" + remoteUser);
        
        out.close();

    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        System.out.println("doGet");

        response.setContentType("text/html");
        PrintWriter out=response.getWriter();
        
        out.println("doGet");

        String authType = request.getAuthType();
        System.out.println("auth type =" + authType);
        out.println("auth type =" + authType);
        
        String remoteUser = request.getRemoteUser();
        System.out.println("remote user =" + remoteUser);
        out.println("remote user =" + remoteUser);
        
        out.close();
        
    }

}

When I use the first form that uses the post method, I put in the right username and password, but when I click on submit, I get a login dialog box that asks for a username and password. In this case the username is tina. Here is what shows on the website after:

doPost authenticated=true auth type =BASIC remote user =tina

When I use the second form that uses the get method, I put the right username and password, but when I click on submit, the website shows:

doGet auth type =null remote user =null

Should I use the post or the get method to log in? I think I'm supposed to use the get method.

How do I get the post method to work with the values for username and password I the user puts in the form in the index.html page?

Answer 1

Http GET doesn't support Form submit, you have to use JS to add them on query parameter. But It has security risks.

So usually GET is not a good method to handle login.