@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @Extension public class BasicHeaderRealPasswordAuthenticator extends BasicHeaderAuthenticator
ExtensionPoint.LegacyInstancesAreScopedToHudson
Modifier and Type | Field and Description |
---|---|
static boolean |
DISABLE
Legacy property to disable the real password support.
|
Constructor and Description |
---|
BasicHeaderRealPasswordAuthenticator() |
Modifier and Type | Method and Description |
---|---|
org.springframework.security.core.Authentication |
authenticate2(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse rsp,
String username,
String password)
Given the parsed username and password field from the basic authentication header,
determine the effective security credential to process the request with.
|
all, authenticate
public static boolean DISABLE
ExtensionFilter
is a better way to control this.public BasicHeaderRealPasswordAuthenticator()
public org.springframework.security.core.Authentication authenticate2(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, String username, String password) throws IOException, javax.servlet.ServletException
BasicHeaderAuthenticator
The method must return null if the password or username didn't match what's expected. When null is returned, other authenticators will get a chance to process the request. This is necessary because Jenkins accepts both real password as well as API tokens for the password.
In contrast, when an exception is thrown the request processing will fail immediately without providing a chance for other authenticators to process the request.
When no processor can validate the username/password pair, caller will make the request processing fail.
authenticate2
in class BasicHeaderAuthenticator
IOException
javax.servlet.ServletException
Copyright © 2004–2021. All rights reserved.