Class HttpBasicAuthenticationProvider
- java.lang.Object
-
- org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider
-
- All Implemented Interfaces:
AuthenticationProvider
public class HttpBasicAuthenticationProvider extends java.lang.Object implements AuthenticationProvider
Authenticates a request against the provided process engine's identity service by applying http basic authentication.
- Author:
- Thorben Lindhauer
-
-
Field Summary
Fields Modifier and Type Field Description protected static java.lang.String
BASIC_AUTH_HEADER_PREFIX
-
Constructor Summary
Constructors Constructor Description HttpBasicAuthenticationProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
augmentResponseByAuthenticationChallenge(javax.servlet.http.HttpServletResponse response, ProcessEngine engine)
Callback to add an authentication challenge to the response to the client.AuthenticationResult
extractAuthenticatedUser(javax.servlet.http.HttpServletRequest request, ProcessEngine engine)
Checks the request for authentication.protected boolean
isAuthenticated(ProcessEngine engine, java.lang.String userName, java.lang.String password)
-
-
-
Field Detail
-
BASIC_AUTH_HEADER_PREFIX
protected static final java.lang.String BASIC_AUTH_HEADER_PREFIX
- See Also:
- Constant Field Values
-
-
Method Detail
-
extractAuthenticatedUser
public AuthenticationResult extractAuthenticatedUser(javax.servlet.http.HttpServletRequest request, ProcessEngine engine)
Description copied from interface:AuthenticationProvider
Checks the request for authentication. May not return null, but always anAuthenticationResult
that indicates, whether authentication was successful, and, if true, always provides the authenticated user. The result can only be successful if a valid user id was provided in the request. It is not required to provide the group or tenant id, as they will be resolved via theIdentityService
(e.g.ProcessEngineAuthenticationFilter.setAuthenticatedUser(org.camunda.bpm.engine.ProcessEngine, java.lang.String, java.util.List<java.lang.String>, java.util.List<java.lang.String>)
).- Specified by:
extractAuthenticatedUser
in interfaceAuthenticationProvider
- Parameters:
request
- the request to authenticateengine
- the process engine the request addresses. May be used to authenticate against the engine's identity service.
-
isAuthenticated
protected boolean isAuthenticated(ProcessEngine engine, java.lang.String userName, java.lang.String password)
-
augmentResponseByAuthenticationChallenge
public void augmentResponseByAuthenticationChallenge(javax.servlet.http.HttpServletResponse response, ProcessEngine engine)
Description copied from interface:AuthenticationProvider
Callback to add an authentication challenge to the response to the client. Called in case of unsuccessful authentication.
For example, a Http Basic auth implementation may set the WWW-Authenticate header to
Basic realm="engine name"
.- Specified by:
augmentResponseByAuthenticationChallenge
in interfaceAuthenticationProvider
engine
- the process engine the request addressed. May be considered as an authentication realm to create a specific authentication challenge
-
-