diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-10-07 14:11:43 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-10-07 15:06:37 +0200 |
commit | 2305dd06e0db691c0057351d2080d0cee940a1ba (patch) | |
tree | db0a3dcbc5bbb7a0104c47022d45c39fb591049d /container-core/src/main/java/com | |
parent | 851ff1637f82034dd97f6e50806f4e0642e6a656 (diff) |
Remove unused http=>https redirect Jetty handler
Diffstat (limited to 'container-core/src/main/java/com')
3 files changed, 2 insertions, 70 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java index e59e95a59a7..6282e334409 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java @@ -56,7 +56,6 @@ public class ConnectorFactory { // e.g. due to TLS configuration through environment variables. private static void runtimeConnectorConfigValidation(ConnectorConfig config) { validateProxyProtocolConfiguration(config); - validateSecureRedirectConfig(config); } private static void validateProxyProtocolConfiguration(ConnectorConfig config) { @@ -69,12 +68,6 @@ public class ConnectorFactory { } } - private static void validateSecureRedirectConfig(ConnectorConfig config) { - if (config.secureRedirect().enabled() && isSslEffectivelyEnabled(config)) { - throw new IllegalArgumentException("Secure redirect can only be enabled on connectors without HTTPS"); - } - } - public ConnectorConfig getConnectorConfig() { return connectorConfig; } diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java index 96c5bac335b..c8b52ceb872 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java @@ -142,13 +142,10 @@ public class JettyHttpServer extends AbstractServerProvider { ServletContextHandler servletContextHandler = createServletContextHandler(); servletContextHandler.addServlet(jdiscServlet, "/*"); - List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList()); - var secureRedirectHandler = new SecuredRedirectHandler(connectorConfigs); - secureRedirectHandler.setHandler(servletContextHandler); - var proxyHandler = new HealthCheckProxyHandler(connectors); - proxyHandler.setHandler(secureRedirectHandler); + proxyHandler.setHandler(servletContextHandler); + List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList()); var authEnforcer = new TlsClientAuthenticationEnforcer(connectorConfigs); authEnforcer.setHandler(proxyHandler); diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java deleted file mode 100644 index e5dddf285ef..00000000000 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.server.jetty; - -import com.yahoo.jdisc.http.ConnectorConfig; -import org.eclipse.jetty.server.Request; -import org.eclipse.jetty.server.handler.HandlerWrapper; -import org.eclipse.jetty.util.URIUtil; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import static com.yahoo.jdisc.http.server.jetty.RequestUtils.getConnectorLocalPort; - -/** - * A secure redirect handler inspired by {@link org.eclipse.jetty.server.handler.SecuredRedirectHandler}. - * - * @author bjorncs - */ -class SecuredRedirectHandler extends HandlerWrapper { - - private static final String HEALTH_CHECK_PATH = "/status.html"; - - private final Map<Integer, Integer> redirectMap; - - SecuredRedirectHandler(List<ConnectorConfig> connectorConfigs) { - this.redirectMap = createRedirectMap(connectorConfigs); - } - - @Override - public void handle(String target, Request request, HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException, ServletException { - int localPort = getConnectorLocalPort(request); - if (!redirectMap.containsKey(localPort)) { - _handler.handle(target, request, servletRequest, servletResponse); - return; - } - servletResponse.setContentLength(0); - if (!servletRequest.getRequestURI().equals(HEALTH_CHECK_PATH)) { - servletResponse.sendRedirect( - URIUtil.newURI("https", request.getServerName(), redirectMap.get(localPort), request.getRequestURI(), request.getQueryString())); - } - request.setHandled(true); - } - - private static Map<Integer, Integer> createRedirectMap(List<ConnectorConfig> connectorConfigs) { - var redirectMap = new HashMap<Integer, Integer>(); - for (ConnectorConfig connectorConfig : connectorConfigs) { - if (connectorConfig.secureRedirect().enabled()) { - redirectMap.put(connectorConfig.listenPort(), connectorConfig.secureRedirect().port()); - } - } - return redirectMap; - } -} |