Package org.operaton.bpm.engine.rest.security.auth.impl

Class HttpBasicAuthenticationProvider

java.lang.Object

org.operaton.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public class HttpBasicAuthenticationProvider
extends Object
implements AuthenticationProvider

Implementation of the AuthenticationProvider interface that performs HTTP Basic Authentication against the identity service of a process engine.

This class extracts credentials from the "Authorization" HTTP header, decodes them, and validates them using the process engine's identity service.

If authentication fails, an appropriate challenge response is added to the HTTP response.

Author:

Thorben Lindhauer

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	BASIC_AUTH_HEADER_PREFIX

Constructor Summary

Constructors

Constructor	Description
HttpBasicAuthenticationProvider()

Method Summary

Modifier and Type	Method	Description
void	augmentResponseByAuthenticationChallenge(jakarta.servlet.http.HttpServletResponse response, ProcessEngine engine)	Adds an HTTP Basic Authentication challenge to the response.
AuthenticationResult	extractAuthenticatedUser(jakarta.servlet.http.HttpServletRequest request, ProcessEngine engine)	Extracts and authenticates the user from the HTTP request using Basic Authentication.
protected boolean	isAuthenticated(ProcessEngine engine, String userName, String password)	Validates the provided username and password against the process engine's identity service.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

BASIC_AUTH_HEADER_PREFIX

protected static final String BASIC_AUTH_HEADER_PREFIX

See Also:

• Constant Field Values

Constructor Details

HttpBasicAuthenticationProvider

public HttpBasicAuthenticationProvider()

Method Details

extractAuthenticatedUser

public AuthenticationResult extractAuthenticatedUser(jakarta.servlet.http.HttpServletRequest request,
 ProcessEngine engine)

Extracts and authenticates the user from the HTTP request using Basic Authentication.

Specified by:

extractAuthenticatedUser in interface AuthenticationProvider

Parameters:

request - the HTTP request containing the "Authorization" header

engine - the process engine used for authentication

Returns:

an AuthenticationResult indicating success or failure

isAuthenticated

protected boolean isAuthenticated(ProcessEngine engine,
 String userName,
 String password)

Validates the provided username and password against the process engine's identity service.

Parameters:

engine - the process engine used for authentication

userName - the username to authenticate

password - the password to authenticate

Returns:

true if the credentials are valid, false otherwise

augmentResponseByAuthenticationChallenge

public void augmentResponseByAuthenticationChallenge(jakarta.servlet.http.HttpServletResponse response,
 ProcessEngine engine)

Adds an HTTP Basic Authentication challenge to the response.

Specified by:

augmentResponseByAuthenticationChallenge in interface AuthenticationProvider

Parameters:

response - the HTTP response to augment

engine - the process engine providing the authentication realm