java.lang.Object
- hudson.security.BasicAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class BasicAuthenticationFilter
extends Object
implements javax.servlet.Filter
```
Implements the dual authentication mechanism.
Jenkins supports both the HTTP basic authentication and the form-based authentication. The former is for scripted clients, and the latter is for humans. Unfortunately, because the servlet spec does not allow us to programmatically authenticate users, we need to rely on some hack to make it work, and this is the class that implements that hack.
When an HTTP request arrives with an HTTP basic auth header, this filter detects that and emulate an invocation of /j_security_check (see this page for the original technique.)
This causes the container to perform authentication, but there's no way to find out whether the user has been successfully authenticated or not. So to find this out, we then redirect the user to /secured/... page.
The handler of the above URL checks if the user is authenticated, and if not report an HTTP error code. Otherwise the user is redirected back to the original URL, where the request is served.
So all in all, the redirection works like /abc/def → /secured/abc/def → /abc/def.
Notes
- The technique of getting a request dispatcher for /j_security_check may not work for all containers, but so far that seems like the only way to make this work.
- This A → B → A redirect is a cyclic redirection, so we need to watch out for clients that detect this as an error.
Author:

Kohsuke Kawaguchi

Constructor Summary

Constructors
Constructor Description

BasicAuthenticationFilter()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- BasicAuthenticationFilter
```
public BasicAuthenticationFilter()
```

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: IOException; javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

Class BasicAuthenticationFilter

Notes

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

BasicAuthenticationFilter

Method Detail

init

doFilter

destroy