Note that if there is no currently logged-in user, #getUserId(HttpServletRequest) will
throw a NullPointerException. Example to require login for all pages:
publicclassServletSampleextendsAbstractAppEngineAuthorizationCodeServlet{@OverrideprotectedvoiddoGet(HttpServletRequestrequest,HttpServletResponseresponse)throwsIOException{// do stuff}@OverrideprotectedStringgetRedirectUri(HttpServletRequestreq)throwsServletException,IOException{GenericUrlurl=newGenericUrl(req.getRequestURL().toString());url.setRawPath("/oauth2callback");returnurl.build();}@OverrideprotectedAuthorizationCodeFlowinitializeFlow()throwsIOException{returnnewAuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),newUrlFetchTransport(),newGsonFactory(),newGenericUrl("https://server.example.com/token"),newBasicAuthentication("s6BhdRkqt3","7Fjfp0ZBr1KtDRbnfVdmIw"),"s6BhdRkqt3","https://server.example.com/authorize").setCredentialStore(newAppEngineCredentialStore()).build();}}
Returns the user ID for the given HTTP servlet request. This identifies your application's user
and is used to fetch persisted credentials for that user. Most commonly, this will be a user id
stored in the session or even the session id itself.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Class AbstractAppEngineAuthorizationCodeServlet (1.39.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.39.0 (latest)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.38.2](/java/docs/reference/google-oauth-client/1.38.2/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.37.0](/java/docs/reference/google-oauth-client/1.37.0/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.36.0](/java/docs/reference/google-oauth-client/1.36.0/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.34.1](/java/docs/reference/google-oauth-client/1.34.1/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.33.3](/java/docs/reference/google-oauth-client/1.33.3/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet)\n- [1.32.1](/java/docs/reference/google-oauth-client/1.32.1/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet) \n\n public abstract class AbstractAppEngineAuthorizationCodeServlet extends AbstractAuthorizationCodeServlet\n\nSimple extension of [AbstractAuthorizationCodeServlet](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet) that uses the currently logged-in\nGoogle Account user, as directed in [Security\nand Authentication](https://cloud.google.com/appengine/docs/standard/java/config/webxml#security-auth). This uses the `jakarta.servlet` namespace.\n\nNote that if there is no currently logged-in user, [#getUserId(HttpServletRequest)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.appengine.auth.oauth2.jakarta.AbstractAppEngineAuthorizationCodeServlet#com_google_api_client_extensions_appengine_auth_oauth2_jakarta_AbstractAppEngineAuthorizationCodeServlet_getUserId_jakarta_servlet_http_HttpServletRequest_) will\nthrow a NullPointerException. Example to require login for all pages:\n\n\\\u003csecurity-constraint\\\u003e\n\\\u003cweb-resource-collection\\\u003e\n\\\u003cweb-resource-name\\\u003eany\\\u003c/web-resource-name\\\u003e\n\\\u003curl-pattern\\\u003e/*\\\u003c/url-pattern\\\u003e\n\\\u003c/web-resource-collection\\\u003e\n\\\u003cauth-constraint\\\u003e\n\\\u003crole-name\\\u003e*\\\u003c/role-name\\\u003e\n\\\u003c/auth-constraint\\\u003e\n\\\u003c/security-constraint\\\u003e\n\nSample usage: \n\n\n public class ServletSample extends AbstractAppEngineAuthorizationCodeServlet {\n\n @Override\n protected void doGet(HttpServletRequest request, HttpServletResponse response)\n throws IOException {\n // do stuff\n }\n\n @Override\n protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {\n GenericUrl url = new GenericUrl(req.getRequestURL().toString());\n url.setRawPath(\"/oauth2callback\");\n return url.build();\n }\n\n @Override\n protected AuthorizationCodeFlow initializeFlow() throws IOException {\n return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),\n new UrlFetchTransport(),\n new GsonFactory(),\n new GenericUrl(\"https://server.example.com/token\"),\n new BasicAuthentication(\"s6BhdRkqt3\", \"7Fjfp0ZBr1KtDRbnfVdmIw\"),\n \"s6BhdRkqt3\",\n \"https://server.example.com/authorize\").setCredentialStore(new AppEngineCredentialStore())\n .build();\n }\n }\n \nInheritance\n-----------\n\n[java.lang.Object](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html) \\\u003e jakarta.servlet.GenericServlet \\\u003e jakarta.servlet.http.HttpServlet \\\u003e [AbstractAuthorizationCodeServlet](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet) \\\u003e AbstractAppEngineAuthorizationCodeServlet \n\nInherited Members\n-----------------\n\n[AbstractAuthorizationCodeServlet.getCredential()](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_getCredential__) \n[AbstractAuthorizationCodeServlet.getRedirectUri(HttpServletRequest)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_getRedirectUri_jakarta_servlet_http_HttpServletRequest_) \n[AbstractAuthorizationCodeServlet.getUserId(HttpServletRequest)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_getUserId_jakarta_servlet_http_HttpServletRequest_) \n[AbstractAuthorizationCodeServlet.initializeFlow()](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_initializeFlow__) \n[AbstractAuthorizationCodeServlet.onAuthorization(HttpServletRequest,HttpServletResponse,AuthorizationCodeRequestUrl)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_onAuthorization_jakarta_servlet_http_HttpServletRequest_jakarta_servlet_http_HttpServletResponse_com_google_api_client_auth_oauth2_AuthorizationCodeRequestUrl_) \n[AbstractAuthorizationCodeServlet.service(HttpServletRequest,HttpServletResponse)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_service_jakarta_servlet_http_HttpServletRequest_jakarta_servlet_http_HttpServletResponse_) \njakarta.servlet.GenericServlet.destroy() \njakarta.servlet.GenericServlet.getInitParameter(java.lang.String) \njakarta.servlet.GenericServlet.getInitParameterNames() \njakarta.servlet.GenericServlet.getServletConfig() \njakarta.servlet.GenericServlet.getServletContext() \njakarta.servlet.GenericServlet.getServletInfo() \njakarta.servlet.GenericServlet.getServletName() \njakarta.servlet.GenericServlet.init() \njakarta.servlet.GenericServlet.init(jakarta.servlet.ServletConfig) \njakarta.servlet.GenericServlet.log(java.lang.String) \njakarta.servlet.GenericServlet.log(java.lang.String,java.lang.Throwable) \njakarta.servlet.http.HttpServlet.doDelete(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doGet(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doHead(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doOptions(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doPost(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doPut(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doTrace(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.getLastModified(jakarta.servlet.http.HttpServletRequest) \njakarta.servlet.http.HttpServlet.service(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse) \n[Object.clone()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--) \n[Object.equals(Object)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-) \n[Object.finalize()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--) \n[Object.getClass()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--) \n[Object.hashCode()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--) \n[Object.notify()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--) \n[Object.notifyAll()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--) \n[Object.toString()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--) \n[Object.wait()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--) \n[Object.wait(long)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-) \n[Object.wait(long,int)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-)\n\nConstructors\n------------\n\n### AbstractAppEngineAuthorizationCodeServlet()\n\n public AbstractAppEngineAuthorizationCodeServlet()\n\nMethods\n-------\n\n### getUserId(HttpServletRequest req)\n\n protected String getUserId(HttpServletRequest req)\n\nReturns the user ID for the given HTTP servlet request. This identifies your application's user\nand is used to fetch persisted credentials for that user. Most commonly, this will be a user id\nstored in the session or even the session id itself.\n\n**Overrides** \n[AbstractAuthorizationCodeServlet.getUserId(HttpServletRequest req)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeServlet_getUserId_jakarta_servlet_http_HttpServletRequest_)"]]