Merge pull request #10544 from vespa-engine/mortent/add-default-filter-chain

Add default filter chain
author: Morten Tokle <mortent@verizonmedia.com> 2019-09-09 07:55:31 +0200
committer: GitHub <noreply@github.com> 2019-09-09 07:55:31 +0200
commit: 685ca91c1db497917fb39952f5180d1f866ab774 (patch)
tree: d90bff97c9440936861e7686ee5b270af72f7004 /config-model
parent: 86552eb8697ec649afa7a51f464c7ca0197e0347 (diff)
parent: 4bf8e07adfe739cdda83df4c125f6dc10b98b4d8 (diff)
1 files changed, 25 insertions, 22 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index e47c00eeea3..2343fbf4452 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -59,6 +59,7 @@ import com.yahoo.vespa.model.container.component.chain.ProcessingHandler;
 import com.yahoo.vespa.model.container.docproc.ContainerDocproc;
 import com.yahoo.vespa.model.container.docproc.DocprocChains;
 import com.yahoo.vespa.model.container.http.ConnectorFactory;
+import com.yahoo.vespa.model.container.http.FilterChains;
 import com.yahoo.vespa.model.container.http.Http;
 import com.yahoo.vespa.model.container.http.JettyHttpServer;
 import com.yahoo.vespa.model.container.http.ssl.HostedSslConnectorFactory;
@@ -328,33 +329,35 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
         if (httpElement != null) {
             cluster.setHttp(buildHttp(deployState, cluster, httpElement));
         }
-
         // If the deployment contains certificate/private key reference, setup TLS port
         if (deployState.tlsSecrets().isPresent()) {
-            boolean authorizeClient = XML.getChild(spec, "client-authorize") != null;
-            if (authorizeClient) {
-                if (deployState.tlsClientAuthority().isEmpty()) {
-                    throw new RuntimeException("client-authorize set, but security/clients.pem is missing");
-                }
-            }
-
-            if(httpElement == null) {
-                cluster.setHttp(new Http(Collections.emptyList()));
-            }
-            if(cluster.getHttp().getHttpServer() == null) {
-                JettyHttpServer defaultHttpServer = new JettyHttpServer(new ComponentId("DefaultHttpServer"));
-                cluster.getHttp().setHttpServer(defaultHttpServer);
-                defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", Defaults.getDefaults().vespaWebServicePort()));
+            addTlsPort(deployState, spec, cluster);
+        }
+    }
 
+    private void addTlsPort(DeployState deployState, Element spec, ApplicationContainerCluster cluster) {
+        boolean authorizeClient = XML.getChild(spec, "client-authorize") != null;
+        if (authorizeClient) {
+            if (deployState.tlsClientAuthority().isEmpty()) {
+                throw new RuntimeException("client-authorize set, but security/clients.pem is missing");
             }
-            JettyHttpServer server = cluster.getHttp().getHttpServer();
-
-            String serverName = server.getComponentId().getName();
-            HostedSslConnectorFactory connectorFactory = authorizeClient
-                    ? new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get(), deployState.tlsClientAuthority().get())
-                    : new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get());
-            server.addConnector(connectorFactory);
         }
+        if(cluster.getHttp() == null) {
+            Http http = new Http(Collections.emptyList());
+            http.setFilterChains(new FilterChains(cluster));
+            cluster.setHttp(http);
+        }
+        if(cluster.getHttp().getHttpServer() == null) {
+            JettyHttpServer defaultHttpServer = new JettyHttpServer(new ComponentId("DefaultHttpServer"));
+            cluster.getHttp().setHttpServer(defaultHttpServer);
+            defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", Defaults.getDefaults().vespaWebServicePort()));
+        }
+        JettyHttpServer server = cluster.getHttp().getHttpServer();
+        String serverName = server.getComponentId().getName();
+        HostedSslConnectorFactory connectorFactory = authorizeClient
+                ? new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get(), deployState.tlsClientAuthority().get())
+                : new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get());
+        server.addConnector(connectorFactory);
     }
 
     private Http buildHttp(DeployState deployState, ApplicationContainerCluster cluster, Element httpElement) {
author	Morten Tokle <mortent@verizonmedia.com>	2019-09-09 07:55:31 +0200
committer	GitHub <noreply@github.com>	2019-09-09 07:55:31 +0200
commit	685ca91c1db497917fb39952f5180d1f866ab774 (patch)
tree	d90bff97c9440936861e7686ee5b270af72f7004 /config-model
parent	86552eb8697ec649afa7a51f464c7ca0197e0347 (diff)
parent	4bf8e07adfe739cdda83df4c125f6dc10b98b4d8 (diff)