Class CredentialsStore
java.lang.Object
com.cloudbees.plugins.credentials.CredentialsStore
- All Implemented Interfaces:
Saveable
,AccessControlled
- Direct Known Subclasses:
SystemCredentialsProvider.StoreImpl
,UserCredentialsProvider.StoreImpl
A store of
Credentials
. Each CredentialsStore
is associated with one and only one
CredentialsProvider
though a CredentialsProvider
may provide multiple CredentialsStore
s
(for example a folder scoped CredentialsProvider
may provide a CredentialsStore
for each folder
or a user scoped CredentialsProvider
may provide a CredentialsStore
for each user).- Since:
- 1.8
- Author:
- Stephen Connolly
-
Field Summary
-
Constructor Summary
ConstructorDescriptionConstructor that auto-detects theCredentialsProvider
that thisCredentialsStore
is associated with by examining the outer classes until an outer class that implementsCredentialsProvider
is found.CredentialsStore
(Class<? extends CredentialsProvider> providerClass) Constructor for use when theCredentialsStore
is not an inner class of itsCredentialsProvider
. -
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
_isApplicable
(Descriptor<?> descriptor) CredentialsStore
subtypes can override this method to veto someDescriptor
s from being available from their store.abstract boolean
addCredentials
(Domain domain, Credentials credentials) final boolean
addDomain
(Domain domain, Credentials... credentials) Adds a newDomain
with seed credentials.boolean
addDomain
(Domain domain, List<Credentials> credentials) Adds a newDomain
with seed credentials.final void
Checks if the current security principal has this permission.getACL()
abstract ModelObject
Returns the context within which this store operates.final String
Returns the display name of thegetContext()
of thisCredentialsStore
.abstract List<Credentials>
getCredentials
(Domain domain) Returns an unmodifiable list of credentials for the specified domain.final List<CredentialsDescriptor>
Returns the list ofCredentialsDescriptor
instances that are applicable within thisCredentialsStore
.Resolves a display name from the StoregetDomainByName
(String name) Retrieves the domain with the matching name.Returns all theDomain
s that this credential provider has.final CredentialsProvider
Returns theCredentialsProvider
.final CredentialsProvider
Returns theCredentialsProvider
or dies trying.getRelativeLinkTo
(Domain domain) Computes the relative path from the current page to the specified domain.Computes the relative path from the current page to this store.Computes the relative path from the current page to this store.final Set<CredentialsScope>
Returns theCredentialsScope
instances that are applicable to this store.Return theCredentialsStoreAction
for this store.final boolean
Checks if the current security principal has this permission.boolean
hasPermission
(Authentication a, Permission permission) Deprecated.boolean
hasPermission2
(org.springframework.security.core.Authentication a, Permission permission) Checks if the given principle has the given permission.final boolean
isApplicable
(Descriptor<?> descriptor) Determines if the specifiedDescriptor
is applicable to thisCredentialsStore
.final boolean
Identifies whether thisCredentialsStore
supports making changes to the list of domains or whether it only supports a fixed set of domains (which may only be one domain).abstract boolean
removeCredentials
(Domain domain, Credentials credentials) boolean
removeDomain
(Domain domain) Removes an existingDomain
and all associatedCredentials
.void
save()
Persists the state of this object into XML.abstract boolean
updateCredentials
(Domain domain, Credentials current, Credentials replacement) Updates the specifiedCredentials
from the specifiedDomain
for thisCredentialsStore
with the supplied replacement.boolean
updateDomain
(Domain current, Domain replacement) Updates an existingDomain
keeping the existing associatedCredentials
.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface hudson.security.AccessControlled
checkAnyPermission, hasAnyPermission
-
Constructor Details
-
CredentialsStore
Constructor for use when theCredentialsStore
is not an inner class of itsCredentialsProvider
.- Parameters:
providerClass
- theCredentialsProvider
class.- Since:
- 2.0
-
CredentialsStore
public CredentialsStore()Constructor that auto-detects theCredentialsProvider
that thisCredentialsStore
is associated with by examining the outer classes until an outer class that implementsCredentialsProvider
is found.- Since:
- 2.0
-
-
Method Details
-
getProviderOrDie
Returns theCredentialsProvider
or dies trying.- Returns:
- the
CredentialsProvider
- Since:
- 2.0
-
getProvider
Returns theCredentialsProvider
.- Returns:
- the
CredentialsProvider
(may benull
if the admin has removed the provider from theExtensionList
) - Since:
- 2.0
-
getScopes
Returns theCredentialsScope
instances that are applicable to this store.- Returns:
- the
CredentialsScope
instances that are applicable to this store ornull
if the store instance is no longer enabled. - Since:
- 2.1.5
-
getContext
Returns the context within which this store operates. Credentials in this store will be available to child contexts (unlessCredentialsScope.SYSTEM
is valid for the store) but will not be available to parent contexts.- Returns:
- the context within which this store operates.
-
hasPermission
Deprecated.UsehasPermission2(Authentication, Permission)
instead.- Specified by:
hasPermission
in interfaceAccessControlled
-
hasPermission2
public boolean hasPermission2(@NonNull org.springframework.security.core.Authentication a, @NonNull Permission permission) Checks if the given principle has the given permission.- Specified by:
hasPermission2
in interfaceAccessControlled
- Parameters:
a
- the principle.permission
- the permission.- Returns:
false
if the user doesn't have the permission.- Since:
- TODO
-
getACL
- Specified by:
getACL
in interfaceAccessControlled
-
checkPermission
Checks if the current security principal has this permission.Note: This is just a convenience function.
- Specified by:
checkPermission
in interfaceAccessControlled
- Throws:
AccessDeniedException3
- if the user doesn't have the permission.
-
hasPermission
Checks if the current security principal has this permission.- Specified by:
hasPermission
in interfaceAccessControlled
- Returns:
false
if the user doesn't have the permission.
-
getDomains
Returns all theDomain
s that this credential provider has. Most implementers ofCredentialsStore
will probably want to override this method.- Returns:
- the list of domains.
-
getDomainByName
Retrieves the domain with the matching name.- Parameters:
name
- the name (ornull
to matchDomain.global()
as that is the domain with a null name)- Returns:
- the domain or
null
if there is no domain with the supplied name. - Since:
- 2.1.1
-
isDomainsModifiable
public final boolean isDomainsModifiable()Identifies whether thisCredentialsStore
supports making changes to the list of domains or whether it only supports a fixed set of domains (which may only be one domain).Note: in order for implementations to return
true
all of the following methods must be overridden:- Returns:
true
iffaddDomain(Domain, List)
addDomain(Domain, Credentials...)
,removeDomain(Domain)
andupdateDomain(Domain, Domain)
are expected to work
-
getCredentials
Returns an unmodifiable list of credentials for the specified domain.- Parameters:
domain
- the domain.- Returns:
- the possibly empty (e.g. for an unknown
Domain
) unmodifiable list of credentials for the specified domain.
-
addDomain
public final boolean addDomain(@NonNull Domain domain, Credentials... credentials) throws IOException Adds a newDomain
with seed credentials.- Parameters:
domain
- the domain.credentials
- the initial credentials with which to populate the domain.- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
addDomain
Adds a newDomain
with seed credentials.- Parameters:
domain
- the domain.credentials
- the initial credentials with which to populate the domain.- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
removeDomain
Removes an existingDomain
and all associatedCredentials
.- Parameters:
domain
- the domain.- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
updateDomain
public boolean updateDomain(@NonNull Domain current, @NonNull Domain replacement) throws IOException Updates an existingDomain
keeping the existing associatedCredentials
.- Parameters:
current
- the domain to update.replacement
- the new replacement domain.- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
addCredentials
public abstract boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException - Parameters:
domain
- the domain.credentials
- the credentials- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
removeCredentials
public abstract boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException - Parameters:
domain
- the domain.credentials
- the credentials- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
updateCredentials
public abstract boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials current, @NonNull Credentials replacement) throws IOException Updates the specifiedCredentials
from the specifiedDomain
for thisCredentialsStore
with the supplied replacement.- Parameters:
domain
- the domain.current
- the credentials to update.replacement
- the new replacement credentials.- Returns:
true
if theCredentialsStore
was modified.- Throws:
IOException
- if the change could not be persisted.
-
isApplicable
Determines if the specifiedDescriptor
is applicable to thisCredentialsStore
.The default implementation consults the
DescriptorVisibilityFilter
s,_isApplicable(Descriptor)
and thegetProviderOrDie()
.- Parameters:
descriptor
- theDescriptor
to check.- Returns:
true
if the suppliedDescriptor
is applicable in thisCredentialsStore
- Since:
- 2.0
-
_isApplicable
CredentialsStore
subtypes can override this method to veto someDescriptor
s from being available from their store. This is often useful when you are building a custom store that holds a specific type of credentials or where you want to limit the number of choices given to the users.- Parameters:
descriptor
- theDescriptor
to check.- Returns:
true
if the suppliedDescriptor
is applicable in thisCredentialsStore
- Since:
- 2.0
-
getCredentialsDescriptors
Returns the list ofCredentialsDescriptor
instances that are applicable within thisCredentialsStore
.- Returns:
- the list of
CredentialsDescriptor
instances that are applicable within thisCredentialsStore
. - Since:
- 2.0
-
getRelativeLinkToContext
Computes the relative path from the current page to this store.- Returns:
- the relative path from the current page or
null
- Since:
- 2.0
-
getRelativeLinkToAction
Computes the relative path from the current page to this store.- Returns:
- the relative path from the current page or
null
- Since:
- 2.0
-
getRelativeLinkTo
Computes the relative path from the current page to the specified domain.- Parameters:
domain
- the domain- Returns:
- the relative path from the current page or
null
- Since:
- 2.0
-
getContextDisplayName
Returns the display name of thegetContext()
of thisCredentialsStore
. The default implementation can handle bothItem
andItemGroup
as long as these are accessible fromJenkins
, andUser
. If theCredentialsStore
provides an alternativegetContext()
that is outside of the normal tree then that implementation is responsible for overriding this method to produce the correct display name.- Returns:
- the display name.
- Since:
- 2.0
-
getDisplayName
Resolves a display name from the Store- Returns:
- the display name
-
getStoreAction
Return theCredentialsStoreAction
for this store. The action will be displayed as a sub-item of theViewCredentialsAction
. Returnnull
if this store will take control of displaying its action (which will be the case for legacy implementations)- Returns:
- the
CredentialsStoreAction
for this store to be rendered inViewCredentialsAction
ornull
for old implementations compiled against pre 2.0 versions of credentials plugin. - Since:
- 2.0
-
save
Persists the state of this object into XML. Default implementation delegates togetContext()
if it implementsSaveable
otherwise dropping back to a no-op.- Specified by:
save
in interfaceSaveable
- Throws:
IOException
- Since:
- 2.1.9
- See Also:
-
hasPermission2(Authentication, Permission)
instead.