Package jenkins.security
Class BasicHeaderProcessor
java.lang.Object
jenkins.security.BasicHeaderProcessor
- All Implemented Interfaces:
javax.servlet.Filter
- Direct Known Subclasses:
ApiTokenFilter
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class BasicHeaderProcessor
extends Object
implements javax.servlet.Filter
Takes "username:password" given in the
Authorization HTTP header and authenticates
the request.
Implementations of BasicHeaderAuthenticator includes one that accepts the real password,
then one that checks the user's API token. We call them all from a single Filter like this,
as opposed to using a list of Filters, so that multiple filters don't end up trying
to authenticate the same header differently and fail.
- Author:
- Kohsuke Kawaguchi
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected List<? extends BasicHeaderAuthenticator>all()protected booleanauthenticationIsRequired(String username) If the request is already authenticated to the same user that the Authorization header claims, for example through the HTTP session, then there's no need to re-authenticate the Authorization header, so we skip that.voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) protected voidfail(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, org.springframework.security.authentication.BadCredentialsException failure) voidinit(javax.servlet.FilterConfig filterConfig) voidsetAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) voidsetRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices) protected voidsuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth)
-
Constructor Details
-
BasicHeaderProcessor
public BasicHeaderProcessor()
-
-
Method Details
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException - Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint) -
setRememberMeServices
public void setRememberMeServices(org.springframework.security.web.authentication.RememberMeServices rememberMeServices) -
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-
authenticationIsRequired
If the request is already authenticated to the same user that the Authorization header claims, for example through the HTTP session, then there's no need to re-authenticate the Authorization header, so we skip that. This avoids stressingSecurityRealm. This method returns false if we can take this short-cut. -
success
protected void success(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, javax.servlet.FilterChain chain, org.springframework.security.core.Authentication auth) throws IOException, javax.servlet.ServletException - Throws:
IOExceptionjavax.servlet.ServletException
-
fail
protected void fail(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, org.springframework.security.authentication.BadCredentialsException failure) throws IOException, javax.servlet.ServletException - Throws:
IOExceptionjavax.servlet.ServletException
-
all
-
destroy
public void destroy()- Specified by:
destroyin interfacejavax.servlet.Filter
-