public abstract class CredentialsStore extends Object implements AccessControlled, Saveable
Credentials
. Each CredentialsStore
is associated with one and only one
CredentialsProvider
though a CredentialsProvider
may provide multiple CredentialsStore
s
(for example a folder scoped CredentialsProvider
may provide a CredentialsStore
for each folder
or a user scoped CredentialsProvider
may provide a CredentialsStore
for each user).Constructor and Description |
---|
CredentialsStore()
Constructor that auto-detects the
CredentialsProvider that this CredentialsStore is associated
with by examining the outer classes until an outer class that implements CredentialsProvider is found. |
CredentialsStore(Class<? extends CredentialsProvider> providerClass)
Constructor for use when the
CredentialsStore is not an inner class of its CredentialsProvider . |
Modifier and Type | Method and Description |
---|---|
protected boolean |
_isApplicable(Descriptor<?> descriptor)
CredentialsStore subtypes can override this method to veto some Descriptor s
from being available from their store. |
abstract boolean |
addCredentials(Domain domain,
Credentials credentials)
|
boolean |
addDomain(Domain domain,
Credentials... credentials)
Adds a new
Domain with seed credentials. |
boolean |
addDomain(Domain domain,
List<Credentials> credentials)
Adds a new
Domain with seed credentials. |
void |
checkPermission(Permission p)
Checks if the current security principal has this permission.
|
ACL |
getACL() |
abstract ModelObject |
getContext()
Returns the context within which this store operates.
|
String |
getContextDisplayName()
Returns the display name of the
getContext() of this CredentialsStore . |
abstract List<Credentials> |
getCredentials(Domain domain)
Returns an unmodifiable list of credentials for the specified domain.
|
List<CredentialsDescriptor> |
getCredentialsDescriptors()
Returns the list of
CredentialsDescriptor instances that are applicable within this
CredentialsStore . |
Domain |
getDomainByName(String name)
Retrieves the domain with the matching name.
|
List<Domain> |
getDomains()
Returns all the
Domain s that this credential provider has. |
CredentialsProvider |
getProvider()
Returns the
CredentialsProvider . |
CredentialsProvider |
getProviderOrDie()
Returns the
CredentialsProvider or dies trying. |
String |
getRelativeLinkTo(Domain domain)
Computes the relative path from the current page to the specified domain.
|
String |
getRelativeLinkToAction()
Computes the relative path from the current page to this store.
|
String |
getRelativeLinkToContext()
Computes the relative path from the current page to this store.
|
Set<CredentialsScope> |
getScopes()
Returns the
CredentialsScope instances that are applicable to this store. |
CredentialsStoreAction |
getStoreAction()
Return the
CredentialsStoreAction for this store. |
abstract boolean |
hasPermission(Authentication a,
Permission permission)
Checks if the given principle has the given permission.
|
boolean |
hasPermission(Permission p)
Checks if the current security principal has this permission.
|
boolean |
isApplicable(Descriptor<?> descriptor)
Determines if the specified
Descriptor is applicable to this CredentialsStore . |
boolean |
isDomainsModifiable()
Identifies whether this
CredentialsStore supports making changes to the list of domains or
whether it only supports a fixed set of domains (which may only be one domain). |
abstract boolean |
removeCredentials(Domain domain,
Credentials credentials)
|
boolean |
removeDomain(Domain domain)
Removes an existing
Domain and all associated Credentials . |
void |
save()
Persists the state of this object into XML.
|
abstract boolean |
updateCredentials(Domain domain,
Credentials current,
Credentials replacement)
Updates the specified
Credentials from the specified Domain for this CredentialsStore with the supplied replacement. |
boolean |
updateDomain(Domain current,
Domain replacement)
Updates an existing
Domain keeping the existing associated Credentials . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
checkAnyPermission, hasAnyPermission
public CredentialsStore(Class<? extends CredentialsProvider> providerClass)
CredentialsStore
is not an inner class of its CredentialsProvider
.providerClass
- the CredentialsProvider
class.public CredentialsStore()
CredentialsProvider
that this CredentialsStore
is associated
with by examining the outer classes until an outer class that implements CredentialsProvider
is found.@NonNull public final CredentialsProvider getProviderOrDie()
CredentialsProvider
or dies trying.CredentialsProvider
@Nullable public final CredentialsProvider getProvider()
CredentialsProvider
.CredentialsProvider
(may be null
if the admin has removed the provider from
the ExtensionList
)@Nullable public final Set<CredentialsScope> getScopes()
CredentialsScope
instances that are applicable to this store.CredentialsScope
instances that are applicable to this store or null
if the store
instance is no longer enabled.@NonNull public abstract ModelObject getContext()
CredentialsScope.SYSTEM
is valid for the store) but will not be available to
parent contexts.public abstract boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission)
hasPermission
in interface AccessControlled
a
- the principle.permission
- the permission.false
if the user doesn't have the permission.public ACL getACL()
getACL
in interface AccessControlled
public final void checkPermission(@NonNull Permission p)
Note: This is just a convenience function.
checkPermission
in interface AccessControlled
AccessDeniedException
- if the user doesn't have the permission.public final boolean hasPermission(@NonNull Permission p)
hasPermission
in interface AccessControlled
false
if the user doesn't have the permission.@NonNull public List<Domain> getDomains()
Domain
s that this credential provider has.
Most implementers of CredentialsStore
will probably want to override this method.@CheckForNull public Domain getDomainByName(@CheckForNull String name)
name
- the name (or null
to match Domain.global()
as that is the domain with a null name)null
if there is no domain with the supplied name.public final boolean isDomainsModifiable()
CredentialsStore
supports making changes to the list of domains or
whether it only supports a fixed set of domains (which may only be one domain).
Note: in order for implementations to return true
all of the following methods must be overridden:
true
iff addDomain(Domain, List)
addDomain(Domain, Credentials...)
, removeDomain(Domain)
and updateDomain(Domain, Domain)
are expected to work@NonNull public abstract List<Credentials> getCredentials(@NonNull Domain domain)
domain
- the domain.Domain
) unmodifiable list of credentials for the
specified domain.public final boolean addDomain(@NonNull Domain domain, Credentials... credentials) throws IOException
Domain
with seed credentials.domain
- the domain.credentials
- the initial credentials with which to populate the domain.true
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public boolean addDomain(@NonNull Domain domain, List<Credentials> credentials) throws IOException
Domain
with seed credentials.domain
- the domain.credentials
- the initial credentials with which to populate the domain.true
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public boolean removeDomain(@NonNull Domain domain) throws IOException
Domain
and all associated Credentials
.domain
- the domain.true
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public boolean updateDomain(@NonNull Domain current, @NonNull Domain replacement) throws IOException
Domain
keeping the existing associated Credentials
.current
- the domain to update.replacement
- the new replacement domain.true
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public abstract boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException
domain
- the domain.credentials
- the credentialstrue
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public abstract boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException
domain
- the domain.credentials
- the credentialstrue
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public abstract boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials current, @NonNull Credentials replacement) throws IOException
Credentials
from the specified Domain
for this CredentialsStore
with the supplied replacement.domain
- the domain.current
- the credentials to update.replacement
- the new replacement credentials.true
if the CredentialsStore
was modified.IOException
- if the change could not be persisted.public final boolean isApplicable(Descriptor<?> descriptor)
Descriptor
is applicable to this CredentialsStore
.
The default implementation consults the DescriptorVisibilityFilter
s, _isApplicable(Descriptor)
and the getProviderOrDie()
.
descriptor
- the Descriptor
to check.true
if the supplied Descriptor
is applicable in this CredentialsStore
protected boolean _isApplicable(Descriptor<?> descriptor)
CredentialsStore
subtypes can override this method to veto some Descriptor
s
from being available from their store. This is often useful when you are building
a custom store that holds a specific type of credentials or where you want to limit the
number of choices given to the users.descriptor
- the Descriptor
to check.true
if the supplied Descriptor
is applicable in this CredentialsStore
public final List<CredentialsDescriptor> getCredentialsDescriptors()
CredentialsDescriptor
instances that are applicable within this
CredentialsStore
.CredentialsDescriptor
instances that are applicable within this
CredentialsStore
.@CheckForNull public String getRelativeLinkToContext()
null
@CheckForNull public String getRelativeLinkToAction()
null
@CheckForNull public String getRelativeLinkTo(Domain domain)
domain
- the domainnull
public final String getContextDisplayName()
getContext()
of this CredentialsStore
. The default
implementation can handle both Item
and ItemGroup
as long as these are accessible from
Jenkins
, and User
. If the CredentialsStore
provides an alternative
getContext()
that is outside of the normal tree then that implementation is responsible for
overriding this method to produce the correct display name.@Nullable public CredentialsStoreAction getStoreAction()
CredentialsStoreAction
for this store. The action will be displayed as a sub-item of the
ViewCredentialsAction
. Return null
if this store will take control of displaying its action
(which will be the case for legacy implementations)CredentialsStoreAction
for this store to be rendered in ViewCredentialsAction
or
null
for old implementations compiled against pre 2.0 versions of credentials plugin.public void save() throws IOException
getContext()
if it
implements Saveable
otherwise dropping back to a no-op.save
in interface Saveable
IOException
Saveable.save()
Copyright © 2016–2021. All rights reserved.