Package jenkins.security

Class ApiTokenProperty.DescriptorImpl

java.lang.Object

hudson.model.Descriptor<UserProperty>

hudson.model.UserPropertyDescriptor

jenkins.security.ApiTokenProperty.DescriptorImpl

All Implemented Interfaces:

Saveable, Loadable, OnMaster

Enclosing class:

ApiTokenProperty

@Extension
@Symbol("apiToken")
public static final class ApiTokenProperty.DescriptorImpl
extends UserPropertyDescriptor

Nested Class Summary

Nested classes/interfaces inherited from class hudson.model.Descriptor

Descriptor.FormException, Descriptor.PropertyType, Descriptor.Self

Field Summary

Fields inherited from class hudson.model.Descriptor

clazz

Fields inherited from interface hudson.model.Saveable

NOOP

Constructor Summary

Constructors

Constructor	Description
DescriptorImpl()

Method Summary

Modifier and Type	Method	Description
org.kohsuke.stapler.HttpResponse	doAddFixedToken(User u, String newTokenName, String newTokenPlainValue)	This method is dangerous and should not be used without caution.
org.kohsuke.stapler.HttpResponse	doChangeToken(User u, org.kohsuke.stapler.StaplerResponse rsp)	Deprecated. use doGenerateNewToken(User, String) instead
org.kohsuke.stapler.HttpResponse	doGenerateNewToken(User u, String newTokenName)
org.kohsuke.stapler.HttpResponse	doRename(User u, String tokenUuid, String newName)
org.kohsuke.stapler.HttpResponse	doRevoke(User u, String tokenUuid)
org.kohsuke.stapler.HttpResponse	doRevokeAll(User u)
org.kohsuke.stapler.HttpResponse	doRevokeAllExcept(User u, String tokenUuid)
String	getDisplayName()	Human readable name of this kind of configurable object.
String	getNoLegacyToken()
UserPropertyCategory	getUserPropertyCategory()	Define the category for this user property descriptor.
boolean	hasCurrentUserRightToGenerateNewToken(User propertyOwner)
boolean	isStatisticsEnabled()
boolean	mustDisplayLegacyApiToken(User propertyOwner)
ApiTokenProperty	newInstance(User user)	New approach: API Token are generated only when a user request a new one.

Methods inherited from class hudson.model.UserPropertyDescriptor

getDescription, getUserPropertyCategoryAsString, isEnabled

Methods inherited from class hudson.model.Descriptor

addHelpFileRedirect, bindJSON, bindJSON, calcAutoCompleteSettings, calcFillSettings, configure, configure, configure, doHelp, doHelp, find, find, findByDescribableClassName, findById, getCategory, getCheckMethod, getCheckUrl, getConfigFile, getConfigPage, getCurrentDescriptorByNameUrl, getDescriptorFullUrl, getDescriptorUrl, getGlobalConfigPage, getGlobalPropertyType, getHelpFile, getHelpFile, getHelpFile, getId, getJsonSafeClassName, getKlass, getPlugin, getPossibleViewNames, getPropertyType, getPropertyType, getPropertyTypeOrDie, getRequiredGlobalConfigPagePermission, getStaticHelpUrl, getStaticHelpUrl, getT, getViewPage, isInstance, isSubTypeOf, load, newInstance, newInstance, newInstance, newInstancesFromHeteroList, newInstancesFromHeteroList, newInstancesFromHeteroList, newInstancesFromHeteroList, save, self, toArray, toList, toMap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DescriptorImpl

public DescriptorImpl()

Method Details

getDisplayName

@NonNull
public String getDisplayName()

Description copied from class: Descriptor

Human readable name of this kind of configurable object. Should be overridden for most descriptors, if the display name is visible somehow. As a fallback it uses Class.getSimpleName() on Descriptor.clazz, so for example MyThing from some.pkg.MyThing.DescriptorImpl. Historically some implementations returned null as a way of hiding the descriptor from the UI, but this is generally managed by an explicit method such as isEnabled or isApplicable.

Overrides:

getDisplayName in class Descriptor<UserProperty>

getNoLegacyToken

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public String getNoLegacyToken()

newInstance

public ApiTokenProperty newInstance(User user)

New approach: API Token are generated only when a user request a new one. The value is randomly generated without any link to the user and only displayed to him the first time. We only store the hash for future comparisons. Legacy approach: When we are creating a default ApiTokenProperty for User, we need to make sure it yields the same value for the same user, because there's no guarantee that the property is saved. But we also need to make sure that an attacker won't be able to guess the initial API token value. So we take the seed by hashing the secret + user ID.

Specified by:

newInstance in class UserPropertyDescriptor

Returns:

null if the implementation choose not to add any property object for such user.

isStatisticsEnabled

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean isStatisticsEnabled()

mustDisplayLegacyApiToken

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean mustDisplayLegacyApiToken(User propertyOwner)

hasCurrentUserRightToGenerateNewToken

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean hasCurrentUserRightToGenerateNewToken(User propertyOwner)

doChangeToken

@Deprecated
public org.kohsuke.stapler.HttpResponse doChangeToken(@AncestorInPath
 User u,
 org.kohsuke.stapler.StaplerResponse rsp)
                                               throws IOException

Deprecated.

use doGenerateNewToken(User, String) instead

Throws:

IOException

doGenerateNewToken

public org.kohsuke.stapler.HttpResponse doGenerateNewToken(@AncestorInPath
 User u,
 @QueryParameter
 String newTokenName)
                                                    throws IOException

Throws:

IOException

doAddFixedToken

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doAddFixedToken(@AncestorInPath
 User u,
 @QueryParameter
 String newTokenName,
 @QueryParameter
 String newTokenPlainValue)
                                                 throws IOException

This method is dangerous and should not be used without caution. The token passed here could have been tracked by different network system during its trip. It is recommended to revoke this token after the generation of a new one.

Throws:

IOException

doRename

public org.kohsuke.stapler.HttpResponse doRename(@AncestorInPath
 User u,
 @QueryParameter
 String tokenUuid,
 @QueryParameter
 String newName)
                                          throws IOException

Throws:

IOException

doRevoke

public org.kohsuke.stapler.HttpResponse doRevoke(@AncestorInPath
 User u,
 @QueryParameter
 String tokenUuid)
                                          throws IOException

Throws:

IOException

doRevokeAll

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doRevokeAll(@AncestorInPath
 User u)
                                             throws IOException

Throws:

IOException

doRevokeAllExcept

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doRevokeAllExcept(@AncestorInPath
 User u,
 @QueryParameter
 String tokenUuid)
                                                   throws IOException

Throws:

IOException

getUserPropertyCategory

@NonNull
public UserPropertyCategory getUserPropertyCategory()

Description copied from class: UserPropertyDescriptor

Define the category for this user property descriptor.

Overrides:

getUserPropertyCategory in class UserPropertyDescriptor

Returns:

never null, always the same value for a given instance of Descriptor.