Merge pull request #23496 from vespa-engine/bjorncs/capabilitiesv8.21.11

Bjorncs/capabilities
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2022-07-19 14:30:27 +0200
committer: GitHub <noreply@github.com> 2022-07-19 14:30:27 +0200
commit: 46ba1b00aa19e937e2c257b34c23417adeef56eb (patch)
tree: 7e595f7ca0c17bc74b07c18472f4cd2d4f57c4d4 /configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
parent: 8be6dd28753425126507b68c93a24607124871eb (diff)
parent: 529a26d7e1062a006196366454f1a047ca31202c (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
index f5b570fed40..288d064f150 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
@@ -10,9 +10,9 @@ import com.yahoo.config.provision.security.NodeIdentifier;
 import com.yahoo.config.provision.security.NodeIdentifierException;
 import com.yahoo.config.provision.security.NodeIdentity;
 import com.yahoo.jrt.Request;
-import com.yahoo.jrt.SecurityContext;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TransportSecurityUtils;
+import com.yahoo.security.tls.authz.ConnectionAuthContext;
 import com.yahoo.vespa.config.ConfigKey;
 import com.yahoo.vespa.config.protocol.JRTServerConfigRequestV3;
 import com.yahoo.vespa.config.server.RequestHandler;
@@ -166,14 +166,14 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
 
     // TODO Make peer identity mandatory once TLS mixed mode is removed
     private Optional<NodeIdentity> getPeerIdentity(Request request) {
-        Optional<SecurityContext> securityContext = request.target().getSecurityContext();
-        if (securityContext.isEmpty()) {
+        Optional<ConnectionAuthContext> authCtx = request.target().getConnectionAuthContext();
+        if (authCtx.isEmpty()) {
             if (TransportSecurityUtils.getInsecureMixedMode() == MixedMode.DISABLED) {
                 throw new IllegalStateException("Security context missing"); // security context should always be present
             }
             return Optional.empty(); // client choose to communicate over insecure channel
         }
-        List<X509Certificate> certChain = securityContext.get().peerCertificateChain();
+        List<X509Certificate> certChain = authCtx.get().peerCertificateChain();
         if (certChain.isEmpty()) {
             throw new IllegalStateException("Client authentication is not enforced!"); // clients should be required to authenticate when TLS is enabled
         }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2022-07-19 14:30:27 +0200
committer	GitHub <noreply@github.com>	2022-07-19 14:30:27 +0200
commit	46ba1b00aa19e937e2c257b34c23417adeef56eb (patch)
tree	7e595f7ca0c17bc74b07c18472f4cd2d4f57c4d4 /configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
parent	8be6dd28753425126507b68c93a24607124871eb (diff)
parent	529a26d7e1062a006196366454f1a047ca31202c (diff)