diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2021-04-23 07:28:25 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-23 07:28:25 +0200 |
commit | a3cd7169ee674d4f8fcdbc3a2e7a87a42ab20f20 (patch) | |
tree | de5844f46fd31f85a75c83de4ea2c496aa19b908 | |
parent | 9328bbfddf4352f478b8522710d1edd0a4067460 (diff) | |
parent | cd91e6cd80ab56a12d99a0940d38f8ee8286fd7b (diff) |
Merge pull request #17549 from vespa-engine/mortent/simplify-custom-acl-mapping
Provide standard mapping
5 files changed, 106 insertions, 61 deletions
diff --git a/container-core/abi-spec.json b/container-core/abi-spec.json index 43e0cab967e..9b139aacf3f 100644 --- a/container-core/abi-spec.json +++ b/container-core/abi-spec.json @@ -546,20 +546,6 @@ ], "fields": [] }, - "com.yahoo.container.jdisc.DefaultAclMapping": { - "superClass": "java.lang.Object", - "interfaces": [ - "com.yahoo.container.jdisc.AclMapping" - ], - "attributes": [ - "public" - ], - "methods": [ - "public void <init>()", - "public com.yahoo.container.jdisc.AclMapping$Action get(com.yahoo.container.jdisc.RequestView)" - ], - "fields": [] - }, "com.yahoo.container.jdisc.EmptyResponse": { "superClass": "com.yahoo.container.jdisc.HttpResponse", "interfaces": [], @@ -590,6 +576,33 @@ ], "fields": [] }, + "com.yahoo.container.jdisc.HttpMethodAclMapping$Builder": { + "superClass": "java.lang.Object", + "interfaces": [], + "attributes": [ + "public" + ], + "methods": [ + "public void <init>()", + "public com.yahoo.container.jdisc.HttpMethodAclMapping$Builder override(com.yahoo.jdisc.http.HttpRequest$Method, com.yahoo.container.jdisc.AclMapping$Action)", + "public com.yahoo.container.jdisc.HttpMethodAclMapping build()" + ], + "fields": [] + }, + "com.yahoo.container.jdisc.HttpMethodAclMapping": { + "superClass": "java.lang.Object", + "interfaces": [ + "com.yahoo.container.jdisc.AclMapping" + ], + "attributes": [ + "public" + ], + "methods": [ + "public com.yahoo.container.jdisc.AclMapping$Action get(com.yahoo.container.jdisc.RequestView)", + "public static com.yahoo.container.jdisc.HttpMethodAclMapping$Builder standard()" + ], + "fields": [] + }, "com.yahoo.container.jdisc.HttpRequest$Builder": { "superClass": "java.lang.Object", "interfaces": [], diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java b/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java deleted file mode 100644 index 93639029128..00000000000 --- a/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. - -package com.yahoo.container.jdisc; - -/** - * Default ACL mapping - * @author mortent - */ -public class DefaultAclMapping implements AclMapping { - - @Override - public Action get(RequestView requestMeta) { - switch (requestMeta.method()) { - case GET: - case HEAD: - case OPTIONS: - return Action.READ; - case POST: - case DELETE: - case PUT: - case PATCH: - case CONNECT: - case TRACE: - return Action.WRITE; - default: - throw new IllegalArgumentException("Illegal request method: " + requestMeta.method()); - } - } -} diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/HttpMethodAclMapping.java b/container-core/src/main/java/com/yahoo/container/jdisc/HttpMethodAclMapping.java new file mode 100644 index 00000000000..c40c4eb96a2 --- /dev/null +++ b/container-core/src/main/java/com/yahoo/container/jdisc/HttpMethodAclMapping.java @@ -0,0 +1,71 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +package com.yahoo.container.jdisc; + +import com.yahoo.jdisc.http.HttpRequest; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Optional; + +import static com.yahoo.jdisc.http.HttpRequest.Method.CONNECT; +import static com.yahoo.jdisc.http.HttpRequest.Method.DELETE; +import static com.yahoo.jdisc.http.HttpRequest.Method.GET; +import static com.yahoo.jdisc.http.HttpRequest.Method.HEAD; +import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; +import static com.yahoo.jdisc.http.HttpRequest.Method.PATCH; +import static com.yahoo.jdisc.http.HttpRequest.Method.POST; +import static com.yahoo.jdisc.http.HttpRequest.Method.PUT; +import static com.yahoo.jdisc.http.HttpRequest.Method.TRACE; + +/** + * Acl Mapping based on http method. + * Defaults to: + * {GET, HEAD, OPTIONS} -> READ + * {POST, DELETE, PUT, PATCH, CONNECT, TRACE} -> WRITE + * @author mortent + */ +public class HttpMethodAclMapping implements AclMapping { + + private final Map<HttpRequest.Method, Action> mappings; + + private HttpMethodAclMapping(Map<HttpRequest.Method, Action> overrides) { + HashMap<HttpRequest.Method, Action> tmp = new HashMap<>(defaultMappings()); + tmp.putAll(overrides); + mappings = Map.copyOf(tmp); + } + + private static Map<HttpRequest.Method, Action> defaultMappings() { + return Map.of(GET, Action.READ, + HEAD, Action.READ, + OPTIONS, Action.READ, + POST, Action.WRITE, + DELETE, Action.WRITE, + PUT, Action.WRITE, + PATCH, Action.WRITE, + CONNECT, Action.WRITE, + TRACE, Action.WRITE); + } + + @Override + public Action get(RequestView requestView) { + return Optional.ofNullable(mappings.get(requestView.method())) + .orElseThrow(() -> new IllegalArgumentException("Illegal request method: " + requestView.method())); + } + + public static HttpMethodAclMapping.Builder standard() { + return new HttpMethodAclMapping.Builder(); + } + + public static class Builder { + private final Map<com.yahoo.jdisc.http.HttpRequest.Method, Action> overrides = new HashMap<>(); + public HttpMethodAclMapping.Builder override(HttpRequest.Method method, Action action) { + overrides.put(method, action); + return this; + } + public HttpMethodAclMapping build() { + return new HttpMethodAclMapping(overrides); + } + } +} diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java index 91fac9ac448..0ebb0bb99d9 100644 --- a/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java +++ b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java @@ -31,7 +31,7 @@ public class RequestHandlerSpec { public static class Builder { - private AclMapping aclMapping = new DefaultAclMapping(); + private AclMapping aclMapping = HttpMethodAclMapping.standard().build(); public Builder withAclMapping(AclMapping aclMapping) { this.aclMapping = Objects.requireNonNull(aclMapping); diff --git a/container-search/src/main/java/com/yahoo/search/handler/SearchHandler.java b/container-search/src/main/java/com/yahoo/search/handler/SearchHandler.java index e7c5511f259..65dc1052a78 100644 --- a/container-search/src/main/java/com/yahoo/search/handler/SearchHandler.java +++ b/container-search/src/main/java/com/yahoo/search/handler/SearchHandler.java @@ -11,6 +11,7 @@ import com.yahoo.container.QrSearchersConfig; import com.yahoo.container.core.ChainsConfig; import com.yahoo.container.core.ContainerHttpConfig; import com.yahoo.container.handler.threadpool.ContainerThreadPool; +import com.yahoo.container.jdisc.HttpMethodAclMapping; import com.yahoo.container.jdisc.HttpRequest; import com.yahoo.container.jdisc.HttpResponse; import com.yahoo.container.jdisc.LoggingRequestHandler; @@ -106,7 +107,8 @@ public class SearchHandler extends LoggingRequestHandler { private final AtomicLong numRequestsLeftToTrace; - private final static RequestHandlerSpec REQUEST_HANDLER_SPEC = RequestHandlerSpec.builder().withAclMapping(SearchHandler::mapRequestToAction).build(); + private final static RequestHandlerSpec REQUEST_HANDLER_SPEC = RequestHandlerSpec.builder() + .withAclMapping(SearchHandler.aclRequestMapper()).build(); private final class MeanConnections implements Callback { @@ -641,22 +643,10 @@ public class SearchHandler extends LoggingRequestHandler { return REQUEST_HANDLER_SPEC; } - private static AclMapping.Action mapRequestToAction(RequestView requestMeta) { - switch (requestMeta.method()){ - case GET: - case POST: - case HEAD: - case OPTIONS: - return AclMapping.Action.READ; - case PUT: - case DELETE: - case CONNECT: - case TRACE: - case PATCH: - return AclMapping.Action.WRITE; - default: - throw new IllegalArgumentException("Illegal method " + requestMeta.method()); - } + private static AclMapping aclRequestMapper() { + return HttpMethodAclMapping.standard() + .override(com.yahoo.jdisc.http.HttpRequest.Method.POST, AclMapping.Action.READ) + .build(); } } |