diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2019-09-09 07:55:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-09 07:55:31 +0200 |
commit | 685ca91c1db497917fb39952f5180d1f866ab774 (patch) | |
tree | d90bff97c9440936861e7686ee5b270af72f7004 /config-model | |
parent | 86552eb8697ec649afa7a51f464c7ca0197e0347 (diff) | |
parent | 4bf8e07adfe739cdda83df4c125f6dc10b98b4d8 (diff) |
Merge pull request #10544 from vespa-engine/mortent/add-default-filter-chain
Add default filter chain
Diffstat (limited to 'config-model')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index e47c00eeea3..2343fbf4452 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -59,6 +59,7 @@ import com.yahoo.vespa.model.container.component.chain.ProcessingHandler; import com.yahoo.vespa.model.container.docproc.ContainerDocproc; import com.yahoo.vespa.model.container.docproc.DocprocChains; import com.yahoo.vespa.model.container.http.ConnectorFactory; +import com.yahoo.vespa.model.container.http.FilterChains; import com.yahoo.vespa.model.container.http.Http; import com.yahoo.vespa.model.container.http.JettyHttpServer; import com.yahoo.vespa.model.container.http.ssl.HostedSslConnectorFactory; @@ -328,33 +329,35 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { if (httpElement != null) { cluster.setHttp(buildHttp(deployState, cluster, httpElement)); } - // If the deployment contains certificate/private key reference, setup TLS port if (deployState.tlsSecrets().isPresent()) { - boolean authorizeClient = XML.getChild(spec, "client-authorize") != null; - if (authorizeClient) { - if (deployState.tlsClientAuthority().isEmpty()) { - throw new RuntimeException("client-authorize set, but security/clients.pem is missing"); - } - } - - if(httpElement == null) { - cluster.setHttp(new Http(Collections.emptyList())); - } - if(cluster.getHttp().getHttpServer() == null) { - JettyHttpServer defaultHttpServer = new JettyHttpServer(new ComponentId("DefaultHttpServer")); - cluster.getHttp().setHttpServer(defaultHttpServer); - defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", Defaults.getDefaults().vespaWebServicePort())); + addTlsPort(deployState, spec, cluster); + } + } + private void addTlsPort(DeployState deployState, Element spec, ApplicationContainerCluster cluster) { + boolean authorizeClient = XML.getChild(spec, "client-authorize") != null; + if (authorizeClient) { + if (deployState.tlsClientAuthority().isEmpty()) { + throw new RuntimeException("client-authorize set, but security/clients.pem is missing"); } - JettyHttpServer server = cluster.getHttp().getHttpServer(); - - String serverName = server.getComponentId().getName(); - HostedSslConnectorFactory connectorFactory = authorizeClient - ? new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get(), deployState.tlsClientAuthority().get()) - : new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get()); - server.addConnector(connectorFactory); } + if(cluster.getHttp() == null) { + Http http = new Http(Collections.emptyList()); + http.setFilterChains(new FilterChains(cluster)); + cluster.setHttp(http); + } + if(cluster.getHttp().getHttpServer() == null) { + JettyHttpServer defaultHttpServer = new JettyHttpServer(new ComponentId("DefaultHttpServer")); + cluster.getHttp().setHttpServer(defaultHttpServer); + defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", Defaults.getDefaults().vespaWebServicePort())); + } + JettyHttpServer server = cluster.getHttp().getHttpServer(); + String serverName = server.getComponentId().getName(); + HostedSslConnectorFactory connectorFactory = authorizeClient + ? new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get(), deployState.tlsClientAuthority().get()) + : new HostedSslConnectorFactory(serverName, deployState.tlsSecrets().get()); + server.addConnector(connectorFactory); } private Http buildHttp(DeployState deployState, ApplicationContainerCluster cluster, Element httpElement) { |