authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-10-07 15:06:18 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2022-10-07 15:22:00 +0200
commitdc7cf9d7f792fd4f80bd2c3fd8cbf7b1f70561b4 (patch)
treeccdbeadf9bb9c4f4e168fac71bd041392ec38eff /container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
parentea880e5a8b25e10b3b72e1a4068a92d54d986ca5 (diff)
Simplify handler
Diffstat (limited to 'container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java')
-rw-r--r--container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java41
1 files changed, 6 insertions, 35 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
index ce949074bfa..b420aabc598 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
@@ -11,11 +11,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import static com.yahoo.jdisc.http.server.jetty.RequestUtils.getConnectorLocalPort;
/**
* A Jetty handler that enforces TLS client authentication with configurable white list.
@@ -24,10 +19,11 @@ import static com.yahoo.jdisc.http.server.jetty.RequestUtils.getConnectorLocalPo
*/
class TlsClientAuthenticationEnforcer extends HandlerWrapper {
- private final Map<Integer, List<String>> portToWhitelistedPathsMapping;
+ private final ConnectorConfig.TlsClientAuthEnforcer cfg;
- TlsClientAuthenticationEnforcer(List<ConnectorConfig> connectorConfigs) {
- portToWhitelistedPathsMapping = createWhitelistMapping(connectorConfigs);
+ TlsClientAuthenticationEnforcer(ConnectorConfig.TlsClientAuthEnforcer cfg) {
+ if (!cfg.enable()) throw new IllegalArgumentException();
+ this.cfg = cfg;
}
@Override
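Review bot: The `throw new IllegalArgumentException()` in the new constructor carries no message, so a handler built from a connector with the enforcer disabled fails without saying which precondition was violated. I would write `if (!cfg.enable()) throw new IllegalArgumentException("TLS client auth enforcer is not enabled in the given config");`. The constructor has no comment stating that callers must check `enable()` before instantiating the handler, where the old code instead skipped disabled connectors; a one-line comment on the constructor would make that contract visible.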
@@ -44,36 +40,11 @@ class TlsClientAuthenticationEnforcer extends HandlerWrapper {
}
}
- private static Map<Integer, List<String>> createWhitelistMapping(List<ConnectorConfig> connectorConfigs) {
- var mapping = new HashMap<Integer, List<String>>();
- for (ConnectorConfig connectorConfig : connectorConfigs) {
- var enforcerConfig = connectorConfig.tlsClientAuthEnforcer();
- if (enforcerConfig.enable()) {
- mapping.put(connectorConfig.listenPort(), enforcerConfig.pathWhitelist());
- }
- }
- return mapping;
- }
-
- private boolean isRequest(Request request) {
- return request.getDispatcherType() == DispatcherType.REQUEST;
- }
+ private boolean isRequest(Request request) { return request.getDispatcherType() == DispatcherType.REQUEST; }
private boolean isRequestToWhitelistedBinding(Request jettyRequest) {
- int localPort = getConnectorLocalPort(jettyRequest);
- List<String> whiteListedPaths = getWhitelistedPathsForPort(localPort);
- if (whiteListedPaths == null) {
- return true; // enforcer not enabled
- }
// Note: Same path definition as HttpRequestFactory.getUri()
- return whiteListedPaths.contains(jettyRequest.getRequestURI());
- }
-
- private List<String> getWhitelistedPathsForPort(int localPort) {
- if (portToWhitelistedPathsMapping.containsKey(0) && portToWhitelistedPathsMapping.size() == 1) {
- return portToWhitelistedPathsMapping.get(0); // for unit tests which uses 0 for listen port
- }
- return portToWhitelistedPathsMapping.get(localPort);
+ return cfg.pathWhitelist().contains(jettyRequest.getRequestURI());
}
private boolean isClientAuthenticated(HttpServletRequest servletRequest) {
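Review bot: With the port-keyed lookup removed, `isRequestToWhitelistedBinding` applies `cfg.pathWhitelist()` to every request that reaches this handler, whichever connector it arrived on. That is only correct if the handler is installed once per connector, and the wiring is not visible in this diff. If one instance ever wrapped several connectors, paths whitelisted for one listener would skip client-certificate enforcement on the others. I would document the assumption next to the field, for example `// Scoped to a single connector: the whitelist is applied to all requests this handler sees`, and confirm the call site creates one enforcer per enabled connector. The exact-match `contains` on the raw `getRequestURI()` is unchanged and fails closed for non-identical paths. The bodies of `handle` and `isClientAuthenticated` lie outside the hunk.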