@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public class BasicHeaderProcessor extends Object implements javax.servlet.Filter
Authorization
HTTP header and authenticates
the request.
Implementations of BasicHeaderAuthenticator
includes one that accepts the real password,
then one that checks the user's API token. We call them all from a single Filter like this,
as opposed to using a list of Filter
s, so that multiple filters don't end up trying
to authenticate the same header differently and fail.
Constructor and Description |
---|
BasicHeaderProcessor() |
Modifier and Type | Method and Description |
---|---|
protected List<? extends BasicHeaderAuthenticator> |
all() |
protected boolean |
authenticationIsRequired(String username)
If the request is already authenticated to the same user that the Authorization header claims,
for example through the HTTP session, then there's no need to re-authenticate the Authorization header,
so we skip that.
|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected void |
fail(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
org.springframework.security.authentication.BadCredentialsException failure) |
void |
init(javax.servlet.FilterConfig filterConfig) |
void |
setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) |
void |
setRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices) |
protected void |
success(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
javax.servlet.FilterChain chain,
org.springframework.security.core.Authentication auth) |
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
public void setRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices)
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
protected boolean authenticationIsRequired(String username)
SecurityRealm
.
This method returns false if we can take this short-cut.protected void success(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected void fail(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, org.springframework.security.authentication.BadCredentialsException failure) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected List<? extends BasicHeaderAuthenticator> all()
public void destroy()
destroy
in interface javax.servlet.Filter
Copyright © 2004–2021. All rights reserved.