Package hudson.security.csrf

Class CrumbExclusion

java.lang.Object

hudson.security.csrf.CrumbExclusion

All Implemented Interfaces:

ExtensionPoint

Direct Known Subclasses:

ApiCrumbExclusion, CliCrumbExclusion

public abstract class CrumbExclusion
extends Object
implements ExtensionPoint

Allows plugins to define exceptions to the CSRF protection filter. Please note that Jenkins 2.96 and newer accepts HTTP POST requests without CSRF crumb, if HTTP Basic authentication uses an API token instead of a password, so many use cases (simple API clients that support authentication but not obtaining a crumb) should be obsolete.

Since:

1.446

Author:

Kohsuke Kawaguchi

Nested Class Summary

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Constructor Summary

Constructors

Constructor	Description
CrumbExclusion()

Method Summary

Modifier and Type	Method	Description
static ExtensionList<CrumbExclusion>	all()
abstract boolean	process(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)	This method is called for every incoming POST request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CrumbExclusion

public CrumbExclusion()

Method Details

process

public abstract boolean process(javax.servlet.http.HttpServletRequest request,
 javax.servlet.http.HttpServletResponse response,
 javax.servlet.FilterChain chain)
                         throws IOException,
javax.servlet.ServletException

This method is called for every incoming POST request.

Returns:

true to indicate that the callee had processed this request (for example by reporting an error, or by executing the rest of the chain.)

Throws:

IOException

javax.servlet.ServletException

all

public static ExtensionList<CrumbExclusion> all()