Class BasicHeaderRealPasswordAuthenticator

  • All Implemented Interfaces:
    ExtensionPoint

    @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
    @Extension
    public class BasicHeaderRealPasswordAuthenticator
    extends BasicHeaderAuthenticator
    Checks if the password given in the BASIC header matches the user's actual password, as opposed to other pseudo-passwords like API tokens.
    Since:
    1.576
    Author:
    Kohsuke Kawaguchi
    • Field Detail

      • DISABLE

        public static boolean DISABLE
        Legacy property to disable the real password support. Now that this is an extension, ExtensionFilter is a better way to control this.
    • Constructor Detail

      • BasicHeaderRealPasswordAuthenticator

        public BasicHeaderRealPasswordAuthenticator()
    • Method Detail

      • authenticate2

        public org.springframework.security.core.Authentication authenticate2​(javax.servlet.http.HttpServletRequest req,
                                                                              javax.servlet.http.HttpServletResponse rsp,
                                                                              String username,
                                                                              String password)
                                                                       throws IOException,
                                                                              javax.servlet.ServletException
        Description copied from class: BasicHeaderAuthenticator
        Given the parsed username and password field from the basic authentication header, determine the effective security credential to process the request with.

        The method must return null if the password or username didn't match what's expected. When null is returned, other authenticators will get a chance to process the request. This is necessary because Jenkins accepts both real password as well as API tokens for the password.

        In contrast, when an exception is thrown the request processing will fail immediately without providing a chance for other authenticators to process the request.

        When no processor can validate the username/password pair, caller will make the request processing fail.

        Overrides:
        authenticate2 in class BasicHeaderAuthenticator
        Throws:
        IOException
        javax.servlet.ServletException