Last updated Dec 8, 2017

Bandana (Deprecated)

Bandana is Atlassian's hierarchical key-value store for arbitrary Java objects. The concepts used in Bandana are very simple:

Based on this design, the BandanaManager has the following methods for storing and retrieving values from a context by key:

  • void setValue(BandanaContext context, String key, Object value) – store a value against a key in the Bandana context.
  • Object getValue(BandanaContext context, String key) – get a key's value from the Bandana context. Returns null if no matching context and key exists.
  • void removeValue(BandanaContext context, String key) – remove a key and value from the Bandana context (available in Confluence 3.3 and later).
  • Iterable<String> getKeys(BandanaContext context) – provides an iterable to allow enumeration of all keys within a context (available in Confluence 3.3 and later).

For apps that use a context not provided by the application, we recommend that you use a context for your Bandana values that includes the full package name of your plugin. For example, a theme app might use a context like org.acme.confluence.mytheme.importantPreference.

Serialization

By default, Bandana uses XStream to convert objects into XML for storage. However, it is possible to provide your own method of serialization. If your BandanaContext implements the BandanaSerializerFactory interface (available in Confluence 3.3 and later), it will be used to create a serializer to serialize and deserialize your objects.

Data storage

Prior to Confluence 2.3, this XML was written to the filesystem in the Confluence home directory. The file config/confluence-global.bandana.xml stores the global context, and there is a file config/spaceKey/confluence-space.bandana.xml with the configuration for each space. In Confluence 2.3 and later, Bandana data is written to the BANDANA table in the database, with three columns for context, key, and a serialized value.

Getting access to BandanaManager

To get access to the BandanaManager from your plugin code, normally you only need to include a private BandanaManager field with an associated constructor parameter. Spring will construct your object and pass in the required component.

@Scanned
public class MyMacro implements Macro {
    @ConfluenceImport
    private BandanaManager bandanaManager;

    public MyMacro(BandanaManager bandanaManager) {
        this.bandanaManager = bandanaManager;
    }

    // main method of macro
    public String execute(...) {
        // do stuff with bandanaManager
        return "...";
    }
}

Writing data:

bandanaManager.setValue(new ConfluenceBandanaContext(), GmapsManager.GOOGLE_MAPS_API_KEY, updateApiKey);

Retrieving data:

public String getGoogleApiKey(){
    return (String) bandanaManager.getValue(new ConfluenceBandanaContext(), GmapsManager.GOOGLE_MAPS_API_KEY);
}

Security configuration

Since Confluence 7.10, apps need to configure an allowlist so that their classes can be serialised by Bandana.

Bandana uses XStream internally to serialise objects, and XStream has a built-in allowlist to prevent remote code execution (RCE) through deserialisation. There are a few notable changes since Confluence 7.10 regarding Bandana and XStream:

  • XStream works in blocklist mode since Confluence 7.10 with future plans to make allowlist the default mode.

  • xstream.allowlist.enable system property allows customers to enable the XStream allowlist and block everything by default. It is on by default in dev mode since 7.15.

  • Apps can use an xstream-security module in atlassian-plugin.xml to configure Confluence's XStream with types, regex or wildcards. We strongly recommend that plugins implement this to avoid XStream restrictions if a customer configures Confluence to run in a stricter allowlist mode.

<xstream-security key="xstream-set" name="Some XStream allowlist set">
    <type>com.atlassian.test.ExampleClass</type>
    <type>com.atlassian.test.AnotherExampleClass</type>
    <regex>com.atlassian.example.*</regex>
    <wildcard>com.some.package.**</wildcard>
</xstream-security>

These types, regex, or wildcards are in line with what XStream states in their documentation. For more information, see XStream - Security Aspects.
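
What strict allowlist mode means for an app's stored objects, shown with plain XStream outside Confluence. This is an added example, not Atlassian's code: the classes MapSettings and Unlisted are hypothetical, the org.acme.confluence.mytheme patterns reuse the package name suggested earlier on this page, and it assumes XStream 1.4.x on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;

public class XStreamAllowlistDemo {
    // Hypothetical stand-ins for objects an app would store through Bandana.
    public static class MapSettings { public String apiKey = "constructed-sample-key"; }
    public static class Unlisted { public String note = "not allowlisted"; }

    // Strict mode: deny every type, then allow only what the app declares.
    static XStream strictXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        // Counterpart of <type>: exact classes.
        xs.allowTypes(new Class[] { MapSettings.class, String.class });
        // Counterpart of <regex>: a Java regex matched against the whole class
        // name. An unescaped '.' matches any character, so dots are escaped here.
        xs.allowTypesByRegExp(new String[] { "org\\.acme\\.confluence\\.mytheme\\..*" });
        // Counterpart of <wildcard>: '*' stays within one package,
        // '**' also covers subpackages.
        xs.allowTypesByWildcard(new String[] { "org.acme.confluence.mytheme.model.*" });
        return xs;
    }

    // Returns true when XStream refuses to deserialise the given XML.
    static boolean isRejected(XStream xs, String xml) {
        try {
            xs.fromXML(xml);
            return false;
        } catch (ForbiddenClassException e) {
            System.out.println("Rejected type: " + e.getMessage());
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xs = strictXStream();
        // The allowlist is checked when fromXML resolves the class named in the XML.
        String allowedXml = xs.toXML(new MapSettings());
        String unlistedXml = xs.toXML(new Unlisted());

        MapSettings restored = (MapSettings) xs.fromXML(allowedXml);
        System.out.println("Restored apiKey: " + restored.apiKey);
        System.out.println("Unlisted rejected: " + isRejected(xs, unlistedXml));
    }
}
```

A class that an app stores in Bandana but does not declare fails in the same way as Unlisted once a customer turns on xstream.allowlist.enable, so testing with that property enabled surfaces missing entries early.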
