Package jenkins.security.stapler

Class StaplerDispatchValidator

java.lang.Object

jenkins.security.stapler.StaplerDispatchValidator

All Implemented Interfaces:

org.kohsuke.stapler.DispatchValidator

@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class StaplerDispatchValidator
extends Object
implements org.kohsuke.stapler.DispatchValidator

Validates views dispatched by Stapler. This validation consists of two phases:

• Before views are loaded, the model class is checked for StaplerViews/StaplerFragments along with whitelist entries specified by the default views whitelist and the optionally defined whitelist specified by the system property jenkins.security.stapler.StaplerDispatchValidator.whitelist. Then, the model class's superclass and interfaces are recursively inspected adding views and fragments that do not conflict with the views and fragments already declared. This effectively allows model classes to override parent classes.
• Before views write any response output, this validator is checked to see if the view has declared itself dispatchable using the l:view Jelly tag. As this validation comes later, annotations will take precedence over the use or lack of a layout tag.

Validation can be disabled by setting the system property jenkins.security.stapler.StaplerDispatchValidator.disabled=true or setting DISABLED to true in the script console.

Since:

2.176.2 / 2.186

Field Summary

Fields

Modifier and Type	Field	Description
static boolean	DISABLED	Escape hatch to disable dispatch validation.

Fields inherited from interface org.kohsuke.stapler.DispatchValidator

DEFAULT

Constructor Summary

Constructors

Constructor	Description
StaplerDispatchValidator()

Method Summary

Modifier and Type	Method	Description
void	allowDispatch(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)
Boolean	isDispatchAllowed(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)
Boolean	isDispatchAllowed(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp, String viewName, Object node)
void	requireDispatchAllowed(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DISABLED

public static boolean DISABLED

Escape hatch to disable dispatch validation.

Constructor Details

StaplerDispatchValidator

public StaplerDispatchValidator()

Method Details

isDispatchAllowed

@CheckForNull
public Boolean isDispatchAllowed(@NonNull
 org.kohsuke.stapler.StaplerRequest req,
 @NonNull
 org.kohsuke.stapler.StaplerResponse rsp)

Specified by:

isDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator

isDispatchAllowed

@CheckForNull
public Boolean isDispatchAllowed(@NonNull
 org.kohsuke.stapler.StaplerRequest req,
 @NonNull
 org.kohsuke.stapler.StaplerResponse rsp,
 @NonNull
 String viewName,
 @CheckForNull
 Object node)

Specified by:

isDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator

allowDispatch

public void allowDispatch(@NonNull
 org.kohsuke.stapler.StaplerRequest req,
 @NonNull
 org.kohsuke.stapler.StaplerResponse rsp)

Specified by:

allowDispatch in interface org.kohsuke.stapler.DispatchValidator

requireDispatchAllowed

public void requireDispatchAllowed(@NonNull
 org.kohsuke.stapler.StaplerRequest req,
 @NonNull
 org.kohsuke.stapler.StaplerResponse rsp)
                            throws org.kohsuke.stapler.CancelRequestHandlingException

Specified by:

requireDispatchAllowed in interface org.kohsuke.stapler.DispatchValidator

Throws:

org.kohsuke.stapler.CancelRequestHandlingException