Prerequisites: Before you begin, ensure you have the following installed:
  • Java Development Kit (JDK): Version 8 or higher
  • Build Tool: Maven 3.6+ or Gradle 6.0+
  • Application Server: Apache Tomcat 9.0+ or any servlet container
  • Auth0 Account: Sign up for free if you don’t have one

Get Started

This quickstart demonstrates how to add Auth0 authentication to a Java servlet application. You’ll build a secure web application with login, logout, and user profile features using the Auth0 Java MVC Commons SDK.
1. Create a New Java Web Project

Create a new Java web application project for this quickstart.
mvn archetype:generate \
  -DgroupId=com.auth0.example \
  -DartifactId=auth0-servlet-app \
  -DarchetypeArtifactId=maven-archetype-webapp \
  -DinteractiveMode=false
Navigate to your project directory:
cd auth0-servlet-app
2. Install the Auth0 Java MVC Commons SDK

Add the Auth0 dependency to your project build file.
Add the following dependencies to your pom.xml:
<dependencies>
    <dependency>
        <groupId>com.auth0</groupId>
        <artifactId>mvc-auth-commons</artifactId>
        <version>1.11.1</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
</dependencies>
3. Setup Your Auth0 Application

Next, you need to create a new application on your Auth0 tenant and add the configuration to your project.
  1. Head to the Auth0 Dashboard
  2. Click on Applications > Applications > Create Application
  3. In the popup, enter a name for your app, select Regular Web Application as the app type and click Create
  4. Switch to the Settings tab on the Application Details page
  5. Note down the Domain, Client ID, and Client Secret values from the dashboard
  6. Finally, on the Settings tab of your Application Details page, configure the following URLs:
Allowed Callback URLs:
http://localhost:8080/callback
Allowed Logout URLs:
http://localhost:8080/login
Allowed Web Origins:
http://localhost:8080
  • Allowed Callback URLs are a critical security measure to ensure users are safely returned to your application after authentication. Without a matching URL, the login process will fail, and users will be blocked by an Auth0 error page instead of accessing your app.
  • Allowed Logout URLs are essential for providing a seamless user experience upon signing out. Without a matching URL, users will not be redirected back to your application after logout and will instead be left on a generic Auth0 page.
  • Allowed Web Origins is critical for silent authentication. Without it, users will be logged out when they refresh the page or return to your app later.
4. Configure the Auth0 SDK

Configure your servlet application to use the Auth0 SDK by setting up the web.xml configuration with the Auth0 credentials generated above.
Create or update src/main/webapp/WEB-INF/web.xml and replace the placeholder values with your actual Auth0 application settings:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <display-name>Auth0 Servlet Example</display-name>

    <!-- Auth0 Configuration -->
    <context-param>
        <param-name>com.auth0.domain</param-name>
        <param-value>YOUR_AUTH0_DOMAIN</param-value>
    </context-param>
    <context-param>
        <param-name>com.auth0.clientId</param-name>
        <param-value>YOUR_AUTH0_CLIENT_ID</param-value>
    </context-param>
    <context-param>
        <param-name>com.auth0.clientSecret</param-name>
        <param-value>YOUR_AUTH0_CLIENT_SECRET</param-value>
    </context-param>
</web-app>
Important: Replace YOUR_AUTH0_DOMAIN, YOUR_AUTH0_CLIENT_ID, and YOUR_AUTH0_CLIENT_SECRET with the actual values from your Auth0 application settings.
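An added example, not part of the original quickstart or of the SDK: one way to read these context-params and build the SDK's AuthenticationController, failing fast when a value is missing or still a placeholder. The class name and the AUTH0_* environment-variable override, which lets the client secret stay out of web.xml and the WAR, are assumptions.

```java
import com.auth0.AuthenticationController;
import javax.servlet.ServletContext;

// Added example; class name and AUTH0_* environment variables are assumptions.
public final class AuthenticationControllerProvider {

    private AuthenticationControllerProvider() {}

    // An environment variable, when set, overrides the web.xml context-param,
    // so the client secret does not have to be packaged into the WAR.
    static String setting(ServletContext ctx, String paramName, String envName) {
        String value = System.getenv(envName);
        if (value == null || value.trim().isEmpty()) {
            value = ctx.getInitParameter(paramName);
        }
        value = (value == null) ? "" : value.trim();
        if (value.isEmpty() || value.startsWith("YOUR_AUTH0_")) {
            // Name the setting only; never put the value itself in an error or log line.
            throw new IllegalStateException(
                    "Auth0 setting " + paramName + " is missing or still a placeholder");
        }
        return value;
    }

    public static AuthenticationController fromContext(ServletContext ctx) {
        String domain = setting(ctx, "com.auth0.domain", "AUTH0_DOMAIN");
        String clientId = setting(ctx, "com.auth0.clientId", "AUTH0_CLIENT_ID");
        String clientSecret = setting(ctx, "com.auth0.clientSecret", "AUTH0_CLIENT_SECRET");
        return AuthenticationController.newBuilder(domain, clientId, clientSecret).build();
    }
}
```

Call fromContext(getServletContext()) once from a servlet's init() and reuse the returned controller for every request.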
5. Create Authentication Components and Filter

Create the necessary Java classes to handle authentication flows and protect secured pages.
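One way to write the login and callback handling this step refers to, as an added example rather than the quickstart's own classes. The servlet name, the /profile target and the session attribute names are assumptions; the callback URL is the one registered under Allowed Callback URLs.

```java
import com.auth0.AuthenticationController;
import com.auth0.IdentityVerificationException;
import com.auth0.Tokens;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. Assumed names: AuthFlowServlet, the /profile page,
// and the "idToken" / "accessToken" session attributes.
@WebServlet(urlPatterns = {"/login", "/callback"})
public class AuthFlowServlet extends HttpServlet {
    private AuthenticationController controller;

    @Override
    public void init() {
        ServletContext ctx = getServletContext();
        controller = AuthenticationController.newBuilder(
                ctx.getInitParameter("com.auth0.domain"),
                ctx.getInitParameter("com.auth0.clientId"),
                ctx.getInitParameter("com.auth0.clientSecret")).build();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        if ("/login".equals(req.getServletPath())) {
            // Must equal an Allowed Callback URLs entry exactly (scheme, host, port, path).
            String redirectUri = "http://localhost:8080/callback";
            res.sendRedirect(controller.buildAuthorizeUrl(req, res, redirectUri).build());
            return;
        }
        try {
            // handle() checks the state value, exchanges the code and verifies the ID token.
            Tokens tokens = controller.handle(req, res);
            req.getSession(true);
            req.changeSessionId(); // Servlet 3.1: fresh session ID after login (session fixation)
            req.getSession().setAttribute("idToken", tokens.getIdToken());
            req.getSession().setAttribute("accessToken", tokens.getAccessToken());
            res.sendRedirect(req.getContextPath() + "/profile");
        } catch (IdentityVerificationException e) {
            // Failed state check, error from Auth0 or invalid token: no session data is stored.
            log("Auth0 callback rejected", e);
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
        }
    }
}
```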
6. Create User Interface Pages

Create the JSP pages and HTML files for your application.
7. Build and Run Your Application

Now you’re ready to build and run your application.
Build the application:
mvn clean compile war:war
Deploy to Tomcat:
# Copy the WAR file to Tomcat webapps directory
cp target/auth0-servlet-app.war "$CATALINA_HOME/webapps/ROOT.war"
Start Tomcat (or your preferred servlet container):
$CATALINA_HOME/bin/startup.sh  # On Unix/Linux/Mac
# or, in a Windows Command Prompt:
#   %CATALINA_HOME%\bin\startup.bat
Checkpoint: You should now have a fully functional Auth0-integrated servlet application running at http://localhost:8080/
Test your implementation:
  1. Navigate to your application URL
  2. Click “Login with Auth0”
  3. Complete the Auth0 login process
  4. You should be redirected to your profile page showing the tokens
  5. Click “Logout” to clear the session

Advanced Usage

Now that you have basic authentication working, consider these enhancements:
  • User Profile Information: Decode the ID token to display user information
  • API Calls: Use the access token to call Auth0’s Management API or your own APIs
  • Role-Based Access: Implement authorization using Auth0 roles and permissions
  • Single Sign-On: Configure SSO across multiple applications
Common Issues

Authentication fails with “Invalid callback URL”
  • Verify that the callback URL in your Auth0 application settings matches exactly: http://localhost:8080/callback
“Missing domain, clientId, or clientSecret” error
  • Check that your web.xml configuration has the correct Auth0 application values
  • Ensure the parameter names match exactly: com.auth0.domain, com.auth0.clientId, com.auth0.clientSecret
Application doesn’t start
  • Verify all required dependencies are in your classpath
  • Check that your servlet container supports Servlet API 3.0+
  • Review server logs for specific error messages
Session not persisting
  • Ensure your servlet container is configured for session management
  • Check that cookies are enabled in your browser
  • Verify HTTPS is used in production environments
For additional support, visit the Auth0 Community or check the Auth0 Support Center.