Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

hudson.security
Class BasicAuthenticationFilter

java.lang.Object
  extended by hudson.security.BasicAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter
public class BasicAuthenticationFilter
extends Object
implements javax.servlet.Filter

Implements the dual authentcation mechanism.

Jenkins supports both the HTTP basic authentication and the form-based authentication. The former is for scripted clients, and the latter is for humans. Unfortunately, because the servlet spec does not allow us to programatically authenticate users, we need to rely on some hack to make it work, and this is the class that implements that hack.

When an HTTP request arrives with an HTTP basic auth header, this filter detects that and emulate an invocation of /j_security_check (see this page for the original technique.)

This causes the container to perform authentication, but there's no way to find out whether the user has been successfully authenticated or not. So to find this out, we then redirect the user to /secured/... page.

The handler of the above URL checks if the user is authenticated, and if not report an HTTP error code. Otherwise the user is redirected back to the original URL, where the request is served.

So all in all, the redirection works like /abc/def -> /secured/abc/def -> /abc/def.

Notes

Author:
Kohsuke Kawaguchi

Constructor Summary
BasicAuthenticationFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
           
 void init(javax.servlet.FilterConfig filterConfig)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicAuthenticationFilter

public BasicAuthenticationFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2013. All Rights Reserved.