java.lang.Object
- jenkins.security.BasicHeaderAuthenticator
- - jenkins.security.BasicHeaderRealPasswordAuthenticator

All Implemented Interfaces:

ExtensionPoint
```
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
@Extension
public class BasicHeaderRealPasswordAuthenticator
extends BasicHeaderAuthenticator
```
Checks if the password given in the BASIC header matches the user's actual password, as opposed to other pseudo-passwords like API tokens.

Since:

1.576

Author:

Kohsuke Kawaguchi

Nested Class Summary
- Nested classes/interfaces inherited from interface hudson.ExtensionPoint
  ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields
Modifier and Type Field Description

static boolean DISABLE
Legacy property to disable the real password support.

Constructor Summary

Constructors
Constructor Description

BasicHeaderRealPasswordAuthenticator()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`org.springframework.security.core.Authentication`	`authenticate2(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse rsp, String username, String password)`	Given the parsed username and password field from the basic authentication header, determine the effective security credential to process the request with.

Methods inherited from class jenkins.security.BasicHeaderAuthenticator
all, authenticate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DISABLE
```
public static boolean DISABLE
```
    Legacy property to disable the real password support. Now that this is an extension, ExtensionFilter is a better way to control this.
- Constructor Detail
  - BasicHeaderRealPasswordAuthenticator
```
public BasicHeaderRealPasswordAuthenticator()
```
- Method Detail
  - authenticate2
```
public org.springframework.security.core.Authentication authenticate2(javax.servlet.http.HttpServletRequest req,
                                                                      javax.servlet.http.HttpServletResponse rsp,
                                                                      String username,
                                                                      String password)
                                                               throws IOException,
                                                                      javax.servlet.ServletException
```
    Description copied from class: BasicHeaderAuthenticator
    
    Given the parsed username and password field from the basic authentication header, determine the effective security credential to process the request with.
    The method must return null if the password or username didn't match what's expected. When null is returned, other authenticators will get a chance to process the request. This is necessary because Jenkins accepts both real password as well as API tokens for the password.
    In contrast, when an exception is thrown the request processing will fail immediately without providing a chance for other authenticators to process the request.
    When no processor can validate the username/password pair, caller will make the request processing fail.
    
    Overrides:
    
    authenticate2 in class BasicHeaderAuthenticator
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException

Class BasicHeaderRealPasswordAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

Field Summary

Constructor Summary

Method Summary

Methods inherited from class jenkins.security.BasicHeaderAuthenticator

Methods inherited from class java.lang.Object

Field Detail

DISABLE

Constructor Detail

BasicHeaderRealPasswordAuthenticator

Method Detail

authenticate2