SMS Two-Factor Authentication with Java and Servlets

About this Application

This Java Servlets example application demonstrates how to implement SMS two-factor authentication using Twilio.

To run this application yourself, download the code and follow the instructions on GitHub.

Adding two-factor authentication (2FA) to your web application increases the security of your users' data. Multi-factor authentication determines the identity of a user in two steps:

  1. First, we validate the user with an email and password
  2. Second, we validate by sending them a one-time verification code to a mobile device

Once our user enters the verification code, we know they have received the SMS, and indeed they are who they say they are. This is a standard SMS implementation.

For a slightly more advanced implementation using Authy One-Touch, take a look at this tutorial.

Intuit uses Twilio SMS to protect 1M+ businesses from online security threats. Read why they chose Twilio.

Let's get started!

Generate a Verification Code

Once our user logs in we need to send them the one-time verification code.

To generate our verification code we use the java.util.Random class. With the current implementation, our 6-digit verification code can be any number between 100000 and 999999.

src/main/java/com/twilio/sms2fa/domain/model/User.java
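
The Javadoc for java.util.Random states that its instances are not cryptographically secure and points to SecureRandom for security-sensitive use, which a login verification code is. The sketch below is an added example, not the project's User.java: weakCode is an assumed shape of the generation described above, strongCode draws the same 100000 to 999999 range from SecureRandom, and all class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added example; names are hypothetical and not taken from the project.
public class VerificationCodes {
    private static final int MIN = 100_000;   // smallest 6-digit code
    private static final int RANGE = 900_000; // number of values in 100000..999999

    // One shared CSPRNG instance; SecureRandom is thread-safe.
    private static final SecureRandom SECURE = new SecureRandom();

    // Assumed shape of the Random-based generation the page describes.
    // java.util.Random is a seeded linear congruential generator, so its
    // output is fully determined by the seed.
    static String weakCode(Random rng) {
        return String.valueOf(MIN + rng.nextInt(RANGE));
    }

    // Same range, drawn from the platform CSPRNG instead.
    static String strongCode() {
        return String.valueOf(MIN + SECURE.nextInt(RANGE));
    }

    public static void main(String[] args) {
        // Constructed demonstration: two generators with the same seed
        // hand out the same "random" code.
        String first = weakCode(new Random(42L));
        String second = weakCode(new Random(42L));
        System.out.println("java.util.Random, same seed: " + first + " / " + second
                + " (equal: " + first.equals(second) + ")");

        // SecureRandom has no caller-visible seed to repeat.
        System.out.println("SecureRandom: " + strongCode() + " / " + strongCode());
    }
}
```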

Next, let's take a look at how to set up the Twilio Java helper library to send the verification code as an SMS.

Onward!

Obtain a TwilioRestClient Instance

The Twilio helper library allows us to easily send an SMS. First, we have to create an instance of a Twilio Client with our credentials.

src/main/java/com/twilio/sms2fa/infrastructure/guice/Sms2faServiceModule.java

You can find your credentials on your Twilio Account.

Next, we will see how to actually send the verification code.

Send the Verification Code

Once we have the MessageCreator instance created with the necessary parameters, all we have to do to send an SMS using the REST API is to call the execute method, passing the twilioRestClient instance.

In this example, the class TwilioMessageSender is the one responsible for it.

src/main/java/com/twilio/sms2fa/infrastructure/service/TwilioMessageSender.java

Now that we know how to generate the verification code and send it, let's look at how to kick off the signup process.

Register a User

When a user signs up on our website, we should store the user's information and send them a verification code.

In order to do two-factor authentication, we need to make sure we ask for the user's phone number.

One thing to notice is that when the User constructor is called, the verification code is generated.

src/main/java/com/twilio/sms2fa/application/servlets/UsersServlet.java

Let's see how the CreateUser#create method is implemented.

Save and Send the SMS

In this step, all we do is store the user (along with their verification code) and send an SMS message.

Notice that MessageSender is implemented by TwilioMessageSender, which we mentioned previously.

src/main/java/com/twilio/sms2fa/domain/service/CreateUser.java

Now let's take a closer look at how to proceed with the 2-step verification.

Implement the 2-Step Verification

When the user receives an SMS with the verification code, we need to ensure the given code is valid.

This validation is achieved by comparing the user's verification code with the verification code the user inputs on the form.

If the validation is successful, the application allows the user to access the protected content. Otherwise, the application prompts for the verification code once again.

src/main/java/com/twilio/sms2fa/application/servlets/ConfirmationsServlet.java
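
One way to harden the comparison step described above, as an added example that is not the project's ConfirmationsServlet code: a six-digit code that can be retried without limit can be guessed, so this sketch combines a constant-time comparison with an attempt limit, an expiry and single use. The class name, the five-attempt limit and the ten-minute lifetime are assumptions, and the code and timestamps in main are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;

// Added example; names and policy values are hypothetical.
public class PendingVerification {
    private static final int MAX_ATTEMPTS = 5;                   // assumed policy
    private static final Duration TTL = Duration.ofMinutes(10);  // assumed policy

    private final byte[] expected;
    private final Instant issuedAt;
    private int failedAttempts;
    private boolean used;

    public PendingVerification(String code, Instant issuedAt) {
        this.expected = code.getBytes(StandardCharsets.UTF_8);
        this.issuedAt = issuedAt;
    }

    /** True only for a correct, unexpired, unused code within the attempt budget. */
    public synchronized boolean confirm(String submitted, Instant now) {
        if (used || failedAttempts >= MAX_ATTEMPTS
                || now.isAfter(issuedAt.plus(TTL)) || submitted == null) {
            return false; // caller should issue a fresh code instead of re-prompting
        }
        byte[] given = submitted.trim().getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte,
        // so response time does not reveal how many digits matched.
        if (MessageDigest.isEqual(expected, given)) {
            used = true; // one-time: a replayed code is rejected
            return true;
        }
        failedAttempts++;
        return false;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        PendingVerification p = new PendingVerification("482913", t0);
        System.out.println("wrong code:   " + p.confirm("000000", t0.plusSeconds(30)));
        System.out.println("correct code: " + p.confirm("482913", t0.plusSeconds(60)));
        System.out.println("replay:       " + p.confirm("482913", t0.plusSeconds(90)));
        PendingVerification q = new PendingVerification("482913", t0);
        System.out.println("expired:      " + q.confirm("482913", t0.plus(Duration.ofMinutes(11))));
    }
}
```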

That's it! We've just implemented SMS Two-Factor Authentication that you can now use in your applications!

Where to next?

If you're a Java developer working with Twilio, you might want to check these other tutorials out.

Workflow Automation

Increase your rate of response by automating the workflows that are key to your business. In this tutorial, you will learn how to build a ready-for-scale automated SMS workflow for a vacation rental company.

Masked Numbers

Protect your users' privacy by anonymously connecting them with Twilio Voice and SMS. Learn how to create disposable phone numbers on-demand, so two users can communicate without exchanging personal information.

Did this help?

Thanks for checking this tutorial out! If you have any feedback to share with us, please contact us on Twitter; we'd love to hear it.

Agustin Camino Andrew Baker David Prothero Kat King