SecureRequester (Jenkins core 2.303 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

All Superinterfaces:

ExtensionPoint

All Known Implementing Classes:

SecureRequester.Default
```
public interface SecureRequester
extends ExtensionPoint
```
An extension point for authorizing REST API access to an object where an unsafe result type would be produced. Both JSONP and XPath with primitive result sets are considered unsafe due to CSRF attacks. A default implementation allows requests if a deprecated system property is set, or if Jenkins is unsecured anyway, but plugins may offer implementations which authorize scripted clients, requests from inside a trusted domain, etc.

Since:

1.537

See Also:

Api

Nested Class Summary

Nested Classes
Modifier and Type Interface and Description

static class SecureRequester.Default
- Nested classes/interfaces inherited from interface hudson.ExtensionPoint
  ExtensionPoint.LegacyInstancesAreScopedToHudson

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`boolean`	`permit(org.kohsuke.stapler.StaplerRequest req, Object bean)` Checks if a Jenkins object can be accessed by a given REST request.

- Method Detail
  - permit
```
boolean permit(org.kohsuke.stapler.StaplerRequest req,
               Object bean)
```
    Checks if a Jenkins object can be accessed by a given REST request. For instance, if the StaplerRequest.getReferer() matches a given host, or anonymous read is allowed for the given object.
    
    Parameters:
    
    req - a request going through the REST API
    
    bean - an exported object of some kind
    
    Returns:
    
    true if this requester should be trusted, false to reject

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2004–2021. All rights reserved.