jenkins.security

Class ApiTokenProperty

java.lang.Object

hudson.model.UserProperty

jenkins.security.ApiTokenProperty

All Implemented Interfaces:

ExtensionPoint, Describable<UserProperty>, ReconfigurableDescribable<UserProperty>

public class ApiTokenProperty
extends UserProperty

Remembers the API token for this user, that can be used like a password to login.

Since:

1.426

Author:

Kohsuke Kawaguchi

See Also:

ApiTokenFilter

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ApiTokenProperty.DescriptorImpl
static class	ApiTokenProperty.TokenInfoAndStats

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field and Description
static HMACConfidentialKey	API_KEY_SEED Deprecated.

Fields inherited from class hudson.model.UserProperty

user

Constructor Summary

Constructors

Constructor and Description
ApiTokenProperty()

Method Summary

Modifier and Type	Method and Description
void	changeApiToken() Deprecated. Each token can be revoked now and new tokens can be requested without altering existing ones.
void	deleteApiToken() Does not revoke the token stored in the store
String	getApiToken() Gets the API token.
Collection<ApiTokenProperty.TokenInfoAndStats>	getTokenList()
ApiTokenStats	getTokenStats()
ApiTokenStore	getTokenStore()
boolean	hasLegacyToken() Determine if the legacy token is still present
boolean	matchesPassword(String token)
UserProperty	reconfigure(org.kohsuke.stapler.StaplerRequest req, net.sf.json.JSONObject form) Allow user to rename tokens
protected void	setUser(User u)

Methods inherited from class hudson.model.UserProperty

all, getDescriptor

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

API_KEY_SEED

@Deprecated
 @Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public static final HMACConfidentialKey API_KEY_SEED

Deprecated.

We don't want an API key that's too long, so cut the length to 16 (which produces 32-letter MAC code in hexdump)

Constructor Detail

ApiTokenProperty

@DataBoundConstructor
public ApiTokenProperty()

Method Detail

setUser

protected void setUser(User u)

Overrides:

setUser in class UserProperty

getApiToken

@Nonnull
public String getApiToken()

Gets the API token. The method performs security checks since 1.638. Only the current user and SYSTEM may see it. Users with Jenkins.ADMINISTER may be allowed to do it using SHOW_LEGACY_TOKEN_TO_ADMINS.

Returns:

API Token. Never null, but may be Messages.ApiTokenProperty_ChangeToken_TokenIsHidden() if the user has no appropriate permissions.

Since:

1.426, and since 1.638 the method performs security checks

hasLegacyToken

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean hasLegacyToken()

Determine if the legacy token is still present

matchesPassword

public boolean matchesPassword(String token)

getTokenList

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public Collection<ApiTokenProperty.TokenInfoAndStats> getTokenList()

reconfigure

public UserProperty reconfigure(org.kohsuke.stapler.StaplerRequest req,
                                @CheckForNull
                                net.sf.json.JSONObject form)
                         throws Descriptor.FormException

Allow user to rename tokens

Specified by:

reconfigure in interface ReconfigurableDescribable<UserProperty>

Overrides:

reconfigure in class UserProperty

Parameters:

req - The current HTTP request being processed.

form - JSON fragment that corresponds to this describable object. If the newly submitted form doesn't include a fragment for this describable (meaning the user has de-selected your descriptor), then this argument is null.

Returns:

The new instance. To not to create an instance of a describable, return null.

Throws:

Descriptor.FormException

changeApiToken

@Deprecated
public void changeApiToken()
                                throws IOException

Deprecated. Each token can be revoked now and new tokens can be requested without altering existing ones.

Only usable if the user still has the legacy API token.

Throws:

IOException

deleteApiToken

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public void deleteApiToken()

Does not revoke the token stored in the store

getTokenStore

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public ApiTokenStore getTokenStore()

getTokenStats

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public ApiTokenStats getTokenStats()