- All Superinterfaces:
- All Known Implementing Classes:
public interface SecureRequester extends ExtensionPointAn extension point for authorizing REST API access to an object where an unsafe result type would be produced. Both JSONP and XPath with primitive result sets are considered unsafe due to CSRF attacks. A default implementation allows requests if a deprecated system property is set, or if Jenkins is unsecured anyway, but plugins may offer implementations which authorize scripted clients, requests from inside a trusted domain, etc.
- See Also:
boolean permit(org.kohsuke.stapler.StaplerRequest req, Object bean)Checks if a Jenkins object can be accessed by a given REST request. For instance, if the
StaplerRequest.getReferer()matches a given host, or anonymous read is allowed for the given object.
req- a request going through the REST API
bean- an exported object of some kind
- true if this requester should be trusted, false to reject