Package jenkins.security.stapler

Class StaplerDispatchValidator

  • All Implemented Interfaces:
    org.kohsuke.stapler.DispatchValidator
    @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class StaplerDispatchValidator
extends Object
implements org.kohsuke.stapler.DispatchValidator
    Validates views dispatched by Stapler. This validation consists of two phases:
    • Before views are loaded, the model class is checked for StaplerViews/StaplerFragments along with whitelist entries specified by the default views whitelist and the optionally defined whitelist specified by the system property jenkins.security.stapler.StaplerDispatchValidator.whitelist. Then, the model class's superclass and interfaces are recursively inspected adding views and fragments that do not conflict with the views and fragments already declared. This effectively allows model classes to override parent classes.
    • Before views write any response output, this validator is checked to see if the view has declared itself dispatchable using the l:view Jelly tag. As this validation comes later, annotations will take precedence over the use or lack of a layout tag.

    Validation can be disabled by setting the system property jenkins.security.stapler.StaplerDispatchValidator.disabled=true or setting DISABLED to true in the script console.

    Since:
    2.176.2 / 2.186

    • Field Detail

      • DISABLED

        public static boolean DISABLED
        Escape hatch to disable dispatch validation.

    • Constructor Detail

      • StaplerDispatchValidator

        public StaplerDispatchValidator()

    • Method Detail

      • isDispatchAllowed

        @CheckForNull
public Boolean isDispatchAllowed​(@NonNull
                                 org.kohsuke.stapler.StaplerRequest req,
                                 @NonNull
                                 org.kohsuke.stapler.StaplerResponse rsp)
        Specified by:
        isDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator

      • isDispatchAllowed

        @CheckForNull
public Boolean isDispatchAllowed​(@NonNull
                                 org.kohsuke.stapler.StaplerRequest req,
                                 @NonNull
                                 org.kohsuke.stapler.StaplerResponse rsp,
                                 @NonNull
                                 String viewName,
                                 @CheckForNull
                                 Object node)
        Specified by:
        isDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator

      • allowDispatch

        public void allowDispatch​(@NonNull
                          org.kohsuke.stapler.StaplerRequest req,
                          @NonNull
                          org.kohsuke.stapler.StaplerResponse rsp)
        Specified by:
        allowDispatch in interface org.kohsuke.stapler.DispatchValidator

      • requireDispatchAllowed

        public void requireDispatchAllowed​(@NonNull
                                   org.kohsuke.stapler.StaplerRequest req,
                                   @NonNull
                                   org.kohsuke.stapler.StaplerResponse rsp)
                            throws org.kohsuke.stapler.CancelRequestHandlingException
        Specified by:
        requireDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator
        Throws:
        org.kohsuke.stapler.CancelRequestHandlingException