Recording this HTTP basic authentication code.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@3459 71c3de6d-444a-0410-be80-ed276b4c234a

core/src/main/java/hudson/model/Hudson.java

@@ -27,7 +27,14 @@ import hudson.scm.RepositoryBrowsers;
 import hudson.scm.SCM;
 import hudson.scm.SCMDescriptor;
 import hudson.scm.SCMS;
-import hudson.tasks.*;
+import hudson.tasks.BuildStep;
+import hudson.tasks.BuildWrapper;
+import hudson.tasks.BuildWrappers;
+import hudson.tasks.Builder;
+import hudson.tasks.DynamicLabeler;
+import hudson.tasks.LabelFinder;
+import hudson.tasks.Mailer;
+import hudson.tasks.Publisher;
 import hudson.triggers.Trigger;
 import hudson.triggers.TriggerDescriptor;
 import hudson.triggers.Triggers;
@@ -35,6 +42,7 @@ import hudson.util.CopyOnWriteList;
 import hudson.util.CopyOnWriteMap;
 import hudson.util.FormFieldValidator;
 import hudson.util.MultipartFormDataParser;
+import hudson.util.Scrambler;
 import hudson.util.XStream2;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
@@ -44,6 +52,7 @@ import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
 
+import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -56,6 +65,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -74,11 +84,11 @@ import java.util.Stack;
 import java.util.StringTokenizer;
 import java.util.TreeSet;
 import java.util.Vector;
-import java.util.regex.Pattern;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
 
 /**
  * Root object of the system.
@@ -1231,6 +1241,47 @@ public final class Hudson extends View implements ItemGroup<TopLevelItem>, Node
         // looks good
     }
 
+    /**
+     * Authenticate the user by using the HTTP BASIC auth protocol.
+     * <p>
+     * This is useful for scripted clients, and complements the default
+     * form-based authentication.
+     */
+    public void doSecured( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
+        String authorization = req.getHeader("Authorization");
+        String username = null;
+        String password = null;
+        if(authorization!=null) {
+            String uidpassword = Scrambler.descramble(authorization.substring(6));
+            int idx = uidpassword.indexOf(':');
+            if (idx >= 0) {
+                username = uidpassword.substring(0, idx);
+                password = uidpassword.substring(idx+1);
+            }
+        }
+
+        if(authorization==null || username==null) {
+            rsp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            rsp.setHeader("WWW-Authenticate","Basic realm=\"Hudson administrator\"");
+            return;
+        }
+
+        String path = req.getContextPath()+req.getRestOfPath();
+        String q = req.getQueryString();
+        if(q!=null)
+            path += q;
+
+        // prepare a redirect
+        rsp.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+        rsp.setHeader("Location",path);
+
+
+        // ... but first let the container authenticate this request
+        RequestDispatcher d = req.getServletContext().getRequestDispatcher("/j_security_check?j_username="+
+            URLEncoder.encode(username,"UTF-8")+"&j_password="+URLEncoder.encode(password,"UTF-8"));
+        d.include(req,rsp);
+    }
+
     /**
      * Called once the user logs in. Just forward to the top page.
      */