BasicHeaderProcessor (Jenkins core 2.288 API)

java.lang.Object
- jenkins.security.BasicHeaderProcessor

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

ApiTokenFilter
```
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class BasicHeaderProcessor
extends Object
implements javax.servlet.Filter
```
Takes "username:password" given in the Authorization HTTP header and authenticates the request.
Implementations of BasicHeaderAuthenticator includes one that accepts the real password, then one that checks the user's API token. We call them all from a single Filter like this, as opposed to using a list of Filters, so that multiple filters don't end up trying to authenticate the same header differently and fail.

Author:

Kohsuke Kawaguchi

Constructor Summary

Constructors
Constructor and Description

BasicHeaderProcessor()

Constructors
Constructor and Description
`BasicHeaderProcessor()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected List<? extends BasicHeaderAuthenticator>`	`all()`
`protected boolean`	`authenticationIsRequired(String username)` If the request is already authenticated to the same user that the Authorization header claims, for example through the HTTP session, then there's no need to re-authenticate the Authorization header, so we skip that.
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`protected void`	`fail(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, org.springframework.security.authentication.BadCredentialsException failure)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`void`	`setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)`
`void`	`setRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices)`
`protected void`	`success(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- BasicHeaderProcessor
```
public BasicHeaderProcessor()
```

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

setRememberMeServices

public void setRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices)

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: IOException; javax.servlet.ServletException

authenticationIsRequired
```
protected boolean authenticationIsRequired(String username)
```
If the request is already authenticated to the same user that the Authorization header claims, for example through the HTTP session, then there's no need to re-authenticate the Authorization header, so we skip that. This avoids stressing SecurityRealm. This method returns false if we can take this short-cut.

success

protected void success(javax.servlet.http.HttpServletRequest req,
                       javax.servlet.http.HttpServletResponse rsp,
                       javax.servlet.FilterChain chain,
                       org.springframework.security.core.Authentication auth)
                throws IOException,
                       javax.servlet.ServletException

Throws:: IOException; javax.servlet.ServletException

fail

protected void fail(javax.servlet.http.HttpServletRequest req,
                    javax.servlet.http.HttpServletResponse rsp,
                    org.springframework.security.authentication.BadCredentialsException failure)
             throws IOException,
                    javax.servlet.ServletException

Throws:: IOException; javax.servlet.ServletException

all

protected List<? extends BasicHeaderAuthenticator> all()

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

Class BasicHeaderProcessor

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

BasicHeaderProcessor

Method Detail

init

setAuthenticationEntryPoint

setRememberMeServices

doFilter

authenticationIsRequired

success

fail

all

destroy