/** * Because servlet containers generally don't specify the ordering of the initialization * (and different implementations indeed do this differently --- See HUDSON-3878), * we cannot use Hudson to the CrumbIssuer into CrumbFilter eagerly. */ public CrumbIssuer getCrumbIssuer() { Jenkins h = Jenkins.getInstanceOrNull(); if(h==null) return null; // before Jenkins is initialized? return h.getCrumbIssuer(); }
@Override public boolean isActivated() { return Jenkins.get().getCrumbIssuer() == null; } }
public static String getCrumb(StaplerRequest req) { Jenkins h = Jenkins.getInstanceOrNull(); CrumbIssuer issuer = h != null ? h.getCrumbIssuer() : null; return issuer != null ? issuer.getCrumb(req) : ""; }
public static String getCrumbRequestField() { Jenkins h = Jenkins.getInstanceOrNull(); CrumbIssuer issuer = h != null ? h.getCrumbIssuer() : null; return issuer != null ? issuer.getDescriptor().getCrumbRequestField() : ""; }
@Override public String issueCrumb(StaplerRequest request) { CrumbIssuer ci = Jenkins.getInstance().getCrumbIssuer(); return ci!=null ? ci.getCrumb(request) : DEFAULT.issueCrumb(request); }
@Override public void validateCrumb(StaplerRequest request, String submittedCrumb) { CrumbIssuer ci = Jenkins.getInstance().getCrumbIssuer(); if (ci==null) { DEFAULT.validateCrumb(request,submittedCrumb); } else { if (!ci.validateCrumb(request, ci.getDescriptor().getCrumbSalt(), submittedCrumb)) throw new SecurityException("Crumb didn't match"); } } });
@RequirePOST @Restricted(NoExternalUse.class) public HttpResponse doConfigureInstance(StaplerRequest req, @QueryParameter String rootUrl) { Jenkins.get().checkPermission(Jenkins.ADMINISTER); Map<String, String> errors = new HashMap<>(); // pre-check data checkRootUrl(errors, rootUrl); if(!errors.isEmpty()){ return HttpResponses.errorJSON(Messages.SetupWizard_ConfigureInstance_ValidationErrors(), errors); } // use the parameters to configure the instance useRootUrl(errors, rootUrl); if(!errors.isEmpty()){ return HttpResponses.errorJSON(Messages.SetupWizard_ConfigureInstance_ValidationErrors(), errors); } InstallUtil.proceedToNextStateFrom(InstallState.CONFIGURE_INSTANCE); CrumbIssuer crumbIssuer = Jenkins.get().getCrumbIssuer(); JSONObject data = new JSONObject(); if (crumbIssuer != null) { data.accumulate("crumbRequestField", crumbIssuer.getCrumbRequestField()).accumulate("crumb", crumbIssuer.getCrumb(req)); } return HttpResponses.okJSON(data); }
/** * Do a finger-print check. */ @RequirePOST public void doDoFingerprintCheck( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException { // Parse the request try (MultipartFormDataParser p = new MultipartFormDataParser(req)) { if (isUseCrumbs() && !getCrumbIssuer().validateCrumb(req, p)) { // TODO investigate whether this check can be removed rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "No crumb found"); } rsp.sendRedirect2(req.getContextPath()+"/fingerprint/"+ Util.getDigestOf(p.getFileItem("name").getInputStream())+'/'); } }
CrumbIssuer crumbIssuer = Jenkins.getInstance().getCrumbIssuer(); JSONObject data = new JSONObject(); if (crumbIssuer != null) {
@Override public boolean isActivated() { return Jenkins.getInstance().getCrumbIssuer() == null; } }
/** * Because servlet containers generally don't specify the ordering of the initialization * (and different implementations indeed do this differently --- See HUDSON-3878), * we cannot use Hudson to the CrumbIssuer into CrumbFilter eagerly. */ public CrumbIssuer getCrumbIssuer() { Jenkins h = Jenkins.getInstanceOrNull(); if(h==null) return null; // before Jenkins is initialized? return h.getCrumbIssuer(); }
public static String getCrumb(StaplerRequest req) { Jenkins h = Jenkins.getInstanceOrNull(); CrumbIssuer issuer = h != null ? h.getCrumbIssuer() : null; return issuer != null ? issuer.getCrumb(req) : ""; }
private NameValuePair getCrumbHeaderNVP() { return new NameValuePair(jenkins.getCrumbIssuer().getDescriptor().getCrumbRequestField(), jenkins.getCrumbIssuer().getCrumb( null )); } }
/** * Adds a security crumb to the quest */ public WebRequest addCrumb(WebRequest req) { com.gargoylesoftware.htmlunit.util.NameValuePair crumb = new com.gargoylesoftware.htmlunit.util.NameValuePair( jenkins.getCrumbIssuer().getDescriptor().getCrumbRequestField(), jenkins.getCrumbIssuer().getCrumb( null )); req.setRequestParameters(Arrays.asList( crumb )); return req; }
/** * Creates a URL with crumb parameters relative to {{@link #getContextPath()} */ public URL createCrumbedUrl(String relativePath) throws IOException { CrumbIssuer issuer = jenkins.getCrumbIssuer(); String crumbName = issuer.getDescriptor().getCrumbRequestField(); String crumb = issuer.getCrumb(null); if (relativePath.indexOf('?') == -1) { return new URL(getContextPath()+relativePath+"?"+crumbName+"="+crumb); } return new URL(getContextPath()+relativePath+"&"+crumbName+"="+crumb); }
public static String getCrumbRequestField() { Jenkins h = Jenkins.getInstanceOrNull(); CrumbIssuer issuer = h != null ? h.getCrumbIssuer() : null; return issuer != null ? issuer.getDescriptor().getCrumbRequestField() : ""; }
@Override public String issueCrumb(StaplerRequest request) { CrumbIssuer ci = Jenkins.getInstance().getCrumbIssuer(); return ci!=null ? ci.getCrumb(request) : DEFAULT.issueCrumb(request); }
/** * Creates a URL with crumb parameters relative to {{@link #getContextPath()} */ public URL createCrumbedUrl(String relativePath) throws IOException { CrumbIssuer issuer = jenkins.getCrumbIssuer(); String crumbName = issuer.getDescriptor().getCrumbRequestField(); String crumb = issuer.getCrumb(null); return new URL(getContextPath()+relativePath+"?"+crumbName+"="+crumb); }
@Override public void validateCrumb(StaplerRequest request, String submittedCrumb) { CrumbIssuer ci = Jenkins.getInstance().getCrumbIssuer(); if (ci==null) { DEFAULT.validateCrumb(request,submittedCrumb); } else { if (!ci.validateCrumb(request, ci.getDescriptor().getCrumbSalt(), submittedCrumb)) throw new SecurityException("Crumb didn't match"); } } });
/** * Do a finger-print check. */ @RequirePOST public void doDoFingerprintCheck( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException { // Parse the request try (MultipartFormDataParser p = new MultipartFormDataParser(req)) { if (isUseCrumbs() && !getCrumbIssuer().validateCrumb(req, p)) { // TODO investigate whether this check can be removed rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "No crumb found"); } rsp.sendRedirect2(req.getContextPath()+"/fingerprint/"+ Util.getDigestOf(p.getFileItem("name").getInputStream())+'/'); } }