Package hudson.security

Class AuthenticationProcessingFilter2

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

hudson.security.AuthenticationProcessingFilter2

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public final class AuthenticationProcessingFilter2
extends org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Login filter with a change for Jenkins so that we can pick up the hidden "from" form field defined in login.jelly to send the user back to where he came from, after a successful authentication.

Author:

Kohsuke Kawaguchi

Field Summary

Fields

Modifier and Type	Field	Description
static boolean	SKIP_CSRF_CHECK	Escape hatch to disable CSRF protection for login requests.

Fields inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

SPRING_SECURITY_FORM_PASSWORD_KEY, SPRING_SECURITY_FORM_USERNAME_KEY

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
AuthenticationProcessingFilter2(String authenticationGatewayUrl)

Method Summary

Modifier and Type	Method	Description
org.springframework.security.core.Authentication	attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
protected void	successfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, org.springframework.security.core.Authentication authResult)
protected void	unsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException failed)	Leave the information about login failure.

Methods inherited from class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

getPasswordParameter, getUsernameParameter, obtainPassword, obtainUsername, setDetails, setPasswordParameter, setPostOnly, setUsernameParameter

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationConverter, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SKIP_CSRF_CHECK

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public static boolean SKIP_CSRF_CHECK

Escape hatch to disable CSRF protection for login requests.

Constructor Details

AuthenticationProcessingFilter2

public AuthenticationProcessingFilter2(String authenticationGatewayUrl)

Method Details

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException

Overrides:

attemptAuthentication in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Throws:

org.springframework.security.core.AuthenticationException

successfulAuthentication

protected void successfulAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain chain,
 org.springframework.security.core.Authentication authResult)
                                 throws IOException,
jakarta.servlet.ServletException

Overrides:

successfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

jakarta.servlet.ServletException

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 org.springframework.security.core.AuthenticationException failed)
                                   throws IOException,
jakarta.servlet.ServletException

Leave the information about login failure.

Overrides:

unsuccessfulAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

IOException

jakarta.servlet.ServletException