SMS Two-Factor Authentication with Java and Servlets

About this Application

This Java Servlets example application demonstrates how to implement SMS two-factor authentication using Twilio.

To run this application yourself, download the code and follow the instructions on GitHub.

Adding two-factor authentication (2FA) to your web application increases the security of your users' data. Multi-factor authentication determines the identity of a user in two steps:

  1. First, we validate the user with an email and password
  2. Second, we validate by sending them a one-time verification code to a mobile device

Once our user enters the verification code, we know they have received the SMS, and indeed they are who they say they are. This is a standard SMS implementation.

For a slightly more advanced implementation using Authy One-Touch, take a look at this tutorial.

Intuit uses Twilio SMS to protect 1M+ businesses from online security threats. Read why they chose Twilio.

Let's get started!

Generate a Verification Code

Once our user logs in, we need to send them the one-time verification code.

To generate our verification code, we use the java.util.Random class. With the current implementation, our 6-digit verification code can be any number between 100000 and 999999.

Code sample: src/main/java/com/twilio/sms2fa/domain/model/User.java

Next, let's take a look at how to set up the Twilio Java helper library to send the verification code as an SMS.

Onward!

Obtain a TwilioRestClient Instance

The Twilio helper library allows us to easily send an SMS. First, we have to create an instance of a Twilio Client with our credentials.

Code sample: src/main/java/com/twilio/sms2fa/infrastructure/guice/Sms2faServiceModule.java

You can find your credentials on your Twilio Account.

Next, we will see how to actually send the verification code.

Send the Verification Code

Once we have created the MessageCreator instance with the necessary parameters, all we have to do to send an SMS using the REST API is call the execute method, passing it the twilioRestClient instance.

In this example, the TwilioMessageSender class is responsible for this.

Code sample: src/main/java/com/twilio/sms2fa/infrastructure/service/TwilioMessageSender.java

Now that we know how to generate the verification code and send it, let's look at how to kick off the signup process.

Register a User

When a user signs up on our website, the application should store the user's information and send them a verification code.

To do two-factor authentication, we need to make sure we ask for the user's phone number.

One thing to notice is that the verification code is generated when the User constructor is called.

Code sample: src/main/java/com/twilio/sms2fa/application/servlets/UsersServlet.java

Let's see how the CreateUser#create method is implemented.

Save and Send the SMS

In this step, all we do is store the user (along with their verification code) and send an SMS message.

Notice that MessageSender is implemented by TwilioMessageSender, which we mentioned previously.

Code sample: src/main/java/com/twilio/sms2fa/domain/service/CreateUser.java

Now let's take a closer look at how to proceed with the 2-step verification.

Implement the 2-Step Verification

When the user receives an SMS with the verification code, we need to ensure the given code is valid.

This validation is achieved by comparing the user's verification code with the verification code the user enters on the form.

If the validation is successful, the application allows the user to access the protected content. Otherwise, the application prompts for the verification code once again.

Code sample: src/main/java/com/twilio/sms2fa/application/servlets/ConfirmationsServlet.java
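The code generation and comparison steps described above, as an added example that is not the sms2fa project's own code: java.util.Random is not a cryptographically secure generator, so this version draws the code from java.security.SecureRandom, and it bounds guessing over the 900,000 possible codes with an expiry, an attempt limit, single use and a comparison that does not short-circuit. The class name OneTimeCode, the 5-minute lifetime and the 5-attempt limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

// Added example: OneTimeCode is a hypothetical class, not part of the sms2fa project.
public final class OneTimeCode {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(5); // assumed lifetime
    private static final int MAX_ATTEMPTS = 5;                 // assumed limit
    private final String code;
    private final Instant expiresAt;
    private int failedAttempts;
    private boolean used;

    public OneTimeCode(Instant now) {
        // Uniform over 100000..999999, the range the tutorial describes.
        this.code = Integer.toString(100_000 + RNG.nextInt(900_000));
        this.expiresAt = now.plus(TTL);
    }
    // Exposed only so the code can be handed to the SMS sender.
    public String value() { return code; }

    // True only for an unexpired, unused code that still has attempts left.
    public synchronized boolean verify(String submitted, Instant now) {
        if (used || failedAttempts >= MAX_ATTEMPTS || !now.isBefore(expiresAt)) {
            return false; // the caller has to issue a fresh code
        }
        byte[] expected = code.getBytes(StandardCharsets.UTF_8);
        String input = submitted == null ? "" : submitted.trim();
        // isEqual does not stop at the first differing byte.
        if (MessageDigest.isEqual(expected, input.getBytes(StandardCharsets.UTF_8))) {
            used = true; // one-time: a replayed code is rejected
            return true;
        }
        failedAttempts++;
        return false;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.now();
        OneTimeCode otc = new OneTimeCode(t0);
        System.out.println("wrong guess:  " + otc.verify("000000", t0));
        System.out.println("correct code: " + otc.verify(otc.value(), t0));
        System.out.println("replay:       " + otc.verify(otc.value(), t0));
        System.out.println("expired:      " + new OneTimeCode(t0).verify("1", t0.plus(TTL)));
    }
}
```

Once verify returns false because the code is expired, used or out of attempts, the application should generate and send a new code rather than keep prompting against the old one.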

That's it! We've just implemented SMS Two-Factor Authentication that you can now use in your applications!

Where to next?

If you're a Java developer working with Twilio, you might want to check these other tutorials out.

Workflow Automation

Increase your rate of response by automating the workflows that are key to your business. In this tutorial, you will learn how to build a ready-for-scale automated SMS workflow, for a vacation rental company.

Masked Numbers

Protect your users' privacy by anonymously connecting them with Twilio Voice and SMS. Learn how to create disposable phone numbers on-demand, so two users can communicate without exchanging personal information.

Did this help?

Thanks for checking this tutorial out! If you have any feedback to share with us please contact us on Twitter, we'd love to hear it.

Agustin Camino, Andrew Baker, David Prothero, Kat King
