I've successfully implemented form-based authentication, and now I want to get the username and password to initialize a session object in JavaMail from servlets. How can I do that? I can get the login username by using the method request.getRemoteUser(), but I don't know how to get the password.

If I create any session object like:

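// "this" must be a javax.mail.Authenticator for Session.getInstance(props, this) to compile
authentication = new PasswordAuthentication(user, password);
Properties props = new Properties();
props.put("mail.host", "localhost");
props.put("mail.debug", "true"); // JavaMail reads this as a String property; a Boolean value is ignored
props.put("mail.store.protocol", "pop3");
props.put("mail.transport.protocol", "smtp");
Session session = Session.getInstance(props, this);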

then how can I get inbox messages from mail server based upon particular username and password, if I don't pass any password from servlets to PasswordAuthentication object?

+1  A: 

The Java EE / Servlet API doesn't allow that. You'll need to get the password by username from the same user-password source as the container does, or to externalize the user-password source so that both the container and your code can make use of it, such as a database. Check the documentation of the container in question using the "Realm" keyword. Since you seem to use Tomcat (based on your question history), here is a Tomcat-targeted example: check out, for example, the JDBCRealm.

BalusC
A: 

You can put an "onClick" JavaScript handler on the login form's submit button, executing an AJAX call to a servlet that stores the password. It is, however, breaching the security framework.
A better idea is to have a "secure" password purse function, protected by the J2EE authentication. This function would retrieve your e-mail password from a database or LDAP. Of course, in this case the database should store your passwords in clear text or an obfuscated format.
An even better idea is to use an external authenticator (single sign-on) for both the servlet and the e-mail server, but it is only possible if there is an authentication provider they both support.

Miklos
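The "password purse" from the second answer, as an added example that is not code from either answer: the mail password is looked up by the name the container authenticated (the value of request.getRemoteUser()) and returned for use in PasswordAuthentication. The class name MailPasswordPurse, the in-memory map standing in for the database table, and the use of AES-GCM (reversible encryption with the key kept outside the database, rather than clear text) are assumptions of this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/** Hypothetical password purse: mail passwords stored encrypted, keyed by container login name. */
public class MailPasswordPurse {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;  // assumption: loaded from a keystore, never stored next to the rows
    private final Map<String, byte[]> table = new ConcurrentHashMap<>(); // stands in for the DB table
    private final SecureRandom rng = new SecureRandom();
    public MailPasswordPurse(SecretKey key) { this.key = key; }

    private Cipher cipher(int mode, byte[] iv, String user) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(user.getBytes(StandardCharsets.UTF_8)); // binds each row to its owner
        return c;
    }

    public void store(String user, char[] mailPassword) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                                  // fresh IV for every write
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, iv, user)
                .doFinal(new String(mailPassword).getBytes(StandardCharsets.UTF_8));
        byte[] row = Arrays.copyOf(iv, IV_LEN + ct.length); // row layout: IV || ciphertext+tag
        System.arraycopy(ct, 0, row, IV_LEN, ct.length);
        table.put(user, row);
    }

    /** remoteUser is the value of request.getRemoteUser(); null means the caller is not logged in. */
    public char[] lookup(String remoteUser) throws Exception {
        byte[] row = remoteUser == null ? null : table.get(remoteUser);
        if (row == null) throw new SecurityException("no mail credential for caller");
        byte[] pt = cipher(Cipher.DECRYPT_MODE, Arrays.copyOf(row, IV_LEN), remoteUser)
                .doFinal(row, IV_LEN, row.length - IV_LEN); // fails if the row was moved to another user
        return new String(pt, StandardCharsets.UTF_8).toCharArray();
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        MailPasswordPurse purse = new MailPasswordPurse(kg.generateKey());
        purse.store("alice", "constructed-sample-pw".toCharArray()); // constructed sample data
        System.out.println(new String(purse.lookup("alice")));      // pass to PasswordAuthentication
    }
}
```

In a servlet, the argument to lookup comes only from request.getRemoteUser(), never from a request parameter, so a logged-in user can retrieve only their own mail credential.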