Class CredentialsStore

java.lang.Object
com.cloudbees.plugins.credentials.CredentialsStore
All Implemented Interfaces:
Saveable, AccessControlled
Direct Known Subclasses:
SystemCredentialsProvider.StoreImpl, UserCredentialsProvider.StoreImpl

public abstract class CredentialsStore extends Object implements AccessControlled, Saveable
A store of Credentials. Each CredentialsStore is associated with one and only one CredentialsProvider though a CredentialsProvider may provide multiple CredentialsStores (for example a folder scoped CredentialsProvider may provide a CredentialsStore for each folder or a user scoped CredentialsProvider may provide a CredentialsStore for each user).
Since:
1.8
Author:
Stephen Connolly
  • Constructor Details

  • Method Details

    • getProviderOrDie

      @NonNull public final CredentialsProvider getProviderOrDie()
      Returns the CredentialsProvider or dies trying.
      Returns:
      the CredentialsProvider
      Since:
      2.0
    • getProvider

      @Nullable public final CredentialsProvider getProvider()
      Returns the CredentialsProvider.
      Returns:
      the CredentialsProvider (may be null if the admin has removed the provider from the ExtensionList)
      Since:
      2.0
    • getScopes

      @Nullable public final Set<CredentialsScope> getScopes()
      Returns the CredentialsScope instances that are applicable to this store.
      Returns:
      the CredentialsScope instances that are applicable to this store or null if the store instance is no longer enabled.
      Since:
      2.1.5
    • getContext

      @NonNull public abstract ModelObject getContext()
      Returns the context within which this store operates. Credentials in this store will be available to child contexts (unless CredentialsScope.SYSTEM is valid for the store) but will not be available to parent contexts.
      Returns:
      the context within which this store operates.
    • hasPermission

      @Deprecated public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission)
      Specified by:
      hasPermission in interface AccessControlled
    • hasPermission2

      public boolean hasPermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull Permission permission)
      Checks if the given principle has the given permission.
      Specified by:
      hasPermission2 in interface AccessControlled
      Parameters:
      a - the principle.
      permission - the permission.
      Returns:
      false if the user doesn't have the permission.
      Since:
      TODO
    • getACL

      @NonNull public ACL getACL()
      Specified by:
      getACL in interface AccessControlled
    • checkPermission

      public final void checkPermission(@NonNull Permission p)
      Checks if the current security principal has this permission.

      Note: This is just a convenience function.

      Specified by:
      checkPermission in interface AccessControlled
      Throws:
      AccessDeniedException3 - if the user doesn't have the permission.
    • hasPermission

      public final boolean hasPermission(@NonNull Permission p)
      Checks if the current security principal has this permission.
      Specified by:
      hasPermission in interface AccessControlled
      Returns:
      false if the user doesn't have the permission.
    • getDomains

      @NonNull public List<Domain> getDomains()
      Returns all the Domains that this credential provider has. Most implementers of CredentialsStore will probably want to override this method.
      Returns:
      the list of domains.
    • getDomainByName

      @CheckForNull public Domain getDomainByName(@CheckForNull String name)
      Retrieves the domain with the matching name.
      Parameters:
      name - the name (or null to match Domain.global() as that is the domain with a null name)
      Returns:
      the domain or null if there is no domain with the supplied name.
      Since:
      2.1.1
    • isDomainsModifiable

      public final boolean isDomainsModifiable()
      Identifies whether this CredentialsStore supports making changes to the list of domains or whether it only supports a fixed set of domains (which may only be one domain).

      Note: in order for implementations to return true all of the following methods must be overridden:

      Returns:
      true iff addDomain(Domain, List) addDomain(Domain, Credentials...), removeDomain(Domain) and updateDomain(Domain, Domain) are expected to work
    • getCredentials

      @NonNull public abstract List<Credentials> getCredentials(@NonNull Domain domain)
      Returns an unmodifiable list of credentials for the specified domain.
      Parameters:
      domain - the domain.
      Returns:
      the possibly empty (e.g. for an unknown Domain) unmodifiable list of credentials for the specified domain.
    • addDomain

      public final boolean addDomain(@NonNull Domain domain, Credentials... credentials) throws IOException
      Adds a new Domain with seed credentials.
      Parameters:
      domain - the domain.
      credentials - the initial credentials with which to populate the domain.
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • addDomain

      public boolean addDomain(@NonNull Domain domain, List<Credentials> credentials) throws IOException
      Adds a new Domain with seed credentials.
      Parameters:
      domain - the domain.
      credentials - the initial credentials with which to populate the domain.
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • removeDomain

      public boolean removeDomain(@NonNull Domain domain) throws IOException
      Removes an existing Domain and all associated Credentials.
      Parameters:
      domain - the domain.
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • updateDomain

      public boolean updateDomain(@NonNull Domain current, @NonNull Domain replacement) throws IOException
      Updates an existing Domain keeping the existing associated Credentials.
      Parameters:
      current - the domain to update.
      replacement - the new replacement domain.
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • addCredentials

      public abstract boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException
      Adds the specified Credentials within the specified Domain for this CredentialsStore.
      Parameters:
      domain - the domain.
      credentials - the credentials
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • removeCredentials

      public abstract boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException
      Removes the specified Credentials from the specified Domain for this CredentialsStore.
      Parameters:
      domain - the domain.
      credentials - the credentials
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • updateCredentials

      public abstract boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials current, @NonNull Credentials replacement) throws IOException
      Updates the specified Credentials from the specified Domain for this CredentialsStore with the supplied replacement.
      Parameters:
      domain - the domain.
      current - the credentials to update.
      replacement - the new replacement credentials.
      Returns:
      true if the CredentialsStore was modified.
      Throws:
      IOException - if the change could not be persisted.
    • isApplicable

      public final boolean isApplicable(Descriptor<?> descriptor)
      Determines if the specified Descriptor is applicable to this CredentialsStore.

      The default implementation consults the DescriptorVisibilityFilters, _isApplicable(Descriptor) and the getProviderOrDie().

      Parameters:
      descriptor - the Descriptor to check.
      Returns:
      true if the supplied Descriptor is applicable in this CredentialsStore
      Since:
      2.0
    • _isApplicable

      protected boolean _isApplicable(Descriptor<?> descriptor)
      CredentialsStore subtypes can override this method to veto some Descriptors from being available from their store. This is often useful when you are building a custom store that holds a specific type of credentials or where you want to limit the number of choices given to the users.
      Parameters:
      descriptor - the Descriptor to check.
      Returns:
      true if the supplied Descriptor is applicable in this CredentialsStore
      Since:
      2.0
    • getCredentialsDescriptors

      public final List<CredentialsDescriptor> getCredentialsDescriptors()
      Returns the list of CredentialsDescriptor instances that are applicable within this CredentialsStore.
      Returns:
      the list of CredentialsDescriptor instances that are applicable within this CredentialsStore.
      Since:
      2.0
    • getRelativeLinkToContext

      @CheckForNull public String getRelativeLinkToContext()
      Computes the relative path from the current page to this store.
      Returns:
      the relative path from the current page or null
      Since:
      2.0
    • getRelativeLinkToAction

      @CheckForNull public String getRelativeLinkToAction()
      Computes the relative path from the current page to this store.
      Returns:
      the relative path from the current page or null
      Since:
      2.0
    • getRelativeLinkTo

      @CheckForNull public String getRelativeLinkTo(Domain domain)
      Computes the relative path from the current page to the specified domain.
      Parameters:
      domain - the domain
      Returns:
      the relative path from the current page or null
      Since:
      2.0
    • getContextDisplayName

      public final String getContextDisplayName()
      Returns the display name of the getContext() of this CredentialsStore. The default implementation can handle both Item and ItemGroup as long as these are accessible from Jenkins, and User. If the CredentialsStore provides an alternative getContext() that is outside of the normal tree then that implementation is responsible for overriding this method to produce the correct display name.
      Returns:
      the display name.
      Since:
      2.0
    • getDisplayName

      public String getDisplayName()
      Resolves a display name from the Store
      Returns:
      the display name
    • getStoreAction

      @Nullable public CredentialsStoreAction getStoreAction()
      Return the CredentialsStoreAction for this store. The action will be displayed as a sub-item of the ViewCredentialsAction. Return null if this store will take control of displaying its action (which will be the case for legacy implementations)
      Returns:
      the CredentialsStoreAction for this store to be rendered in ViewCredentialsAction or null for old implementations compiled against pre 2.0 versions of credentials plugin.
      Since:
      2.0
    • save

      public void save() throws IOException
      Persists the state of this object into XML. Default implementation delegates to getContext() if it implements Saveable otherwise dropping back to a no-op.
      Specified by:
      save in interface Saveable
      Throws:
      IOException
      Since:
      2.1.9
      See Also: