Package io.jenkins.plugins.chatbot

Class ChatbotRootAction

java.lang.Object

io.jenkins.plugins.chatbot.ChatbotRootAction

All Implemented Interfaces:

ExtensionPoint, Action, ModelObject, RootAction, UnprotectedRootAction

@Extension
public class ChatbotRootAction
extends Object
implements UnprotectedRootAction

ChatbotRootAction serves as the secure "Gatekeeper" proxy for the chatbot backend. This action: 1. Authenticates users via Jenkins' User.current() 2. Authorizes access by checking Jenkins.READ permission 3. Injects the authenticated user_id into request payloads 4. Proxies requests to the Python backend (localhost:8000) 5. Ensures session isolation per user Available at: JENKINS_URL/chatbot/api/chatbot/*

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ChatbotRootAction.ChatbotCrumbExclusion	CSRF Crumb Exclusion for the chatbot API.

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Constructor Summary

Constructors

Constructor	Description
ChatbotRootAction()

Method Summary

Modifier and Type	Method	Description
void	doDynamic(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp)	Main entry point for all chatbot API requests.
String	getDisplayName()
String	getIconFileName()
String	getUrlName()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ChatbotRootAction

public ChatbotRootAction()

Method Details

getIconFileName

public String getIconFileName()

Specified by:

getIconFileName in interface Action

getDisplayName

public String getDisplayName()

Specified by:

getDisplayName in interface Action

Specified by:

getDisplayName in interface ModelObject

getUrlName

public String getUrlName()

Specified by:

getUrlName in interface Action

doDynamic

public void doDynamic(org.kohsuke.stapler.StaplerRequest req,
 org.kohsuke.stapler.StaplerResponse rsp)
               throws IOException,
javax.servlet.ServletException

Main entry point for all chatbot API requests. Handles authentication, authorization, and proxying to Python backend. CSRF Protection: This endpoint is excluded from Jenkins CSRF protection via ChatbotRootAction.ChatbotCrumbExclusion because the frontend sends requests with Jenkins crumb tokens in headers. The Python backend validates session ownership per user_id, ensuring requests cannot be forged cross-user. Additionally, this endpoint only proxies to a fixed localhost backend URL, not user-specified URLs.

Parameters:

req - the Stapler request

rsp - the Stapler response

Throws:

IOException - if I/O error occurs

javax.servlet.ServletException - if servlet error occurs