Custom acl mapping

author: Morten Tokle <mortent@verizonmedia.com> 2021-04-15 11:58:21 +0200
committer: Morten Tokle <mortent@verizonmedia.com> 2021-04-15 12:01:30 +0200
commit: 96c2e442cbb798f0c85990d3f0c760c60ee9a5b3 (patch)
tree: 3e3559545df8686955d083b65eb239baa8c09505 /container-core/src/main/java
parent: 81fad70d16a8494ce0464af6ee4ba9c0e12f6a6e (diff)
8 files changed, 152 insertions, 1 deletions
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/AclMapping.java b/container-core/src/main/java/com/yahoo/container/jdisc/AclMapping.java
new file mode 100644
index 00000000000..8c7701a7534
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/AclMapping.java
@@ -0,0 +1,14 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.container.jdisc;
+
+/**
+ * Mapping from request to action
+ *
+ * @author mortent
+ */
+public interface AclMapping {
+    enum Action {create, read, update, delete};
+
+    Action get(RequestView requestView);
+}
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java b/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java
new file mode 100644
index 00000000000..0a996cb5967
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/DefaultAclMapping.java
@@ -0,0 +1,31 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.container.jdisc;
+
+/**
+ * Default ACL mapping
+ * @author mortent
+ */
+public class DefaultAclMapping implements AclMapping {
+
+    @Override
+    public Action get(RequestView requestMeta) {
+        switch (requestMeta.method()) {
+            case GET:
+            case HEAD:
+            case OPTIONS:
+                return Action.read;
+            case POST:
+                return Action.create;
+            case DELETE:
+                return Action.delete;
+            case PUT:
+            case PATCH:
+            case CONNECT:
+            case TRACE:
+                return Action.update;
+            default:
+                throw new IllegalArgumentException("Illegal request method: " + requestMeta.method());
+        }
+    }
+}
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java
new file mode 100644
index 00000000000..91fac9ac448
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerSpec.java
@@ -0,0 +1,46 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.container.jdisc;
+
+import java.util.Objects;
+
+/**
+ * A specification provided by a request handler.
+ * Available through request context attribute
+ *
+ * @author mortent
+ */
+public class RequestHandlerSpec {
+
+    public static final String ATTRIBUTE_NAME = RequestHandlerSpec.class.getName();
+    public static final RequestHandlerSpec DEFAULT_INSTANCE = RequestHandlerSpec.builder().build();
+
+    private final AclMapping aclMapping;
+
+    private RequestHandlerSpec(AclMapping aclMapping) {
+        this.aclMapping = aclMapping;
+    }
+
+    public AclMapping aclMapping() {
+        return aclMapping;
+    }
+
+    public static Builder builder(){
+        return new Builder();
+    }
+
+    public static class Builder {
+
+        private AclMapping aclMapping = new DefaultAclMapping();
+
+        public Builder withAclMapping(AclMapping aclMapping) {
+            this.aclMapping = Objects.requireNonNull(aclMapping);
+            return this;
+        }
+
+        public RequestHandlerSpec build() {
+            return new RequestHandlerSpec(aclMapping);
+        }
+    }
+}
+
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerWithSpec.java b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerWithSpec.java
new file mode 100644
index 00000000000..89107195671
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/RequestHandlerWithSpec.java
@@ -0,0 +1,21 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.container.jdisc;
+
+import com.yahoo.jdisc.handler.RequestHandler;
+
+/**
+ * Extends a request handler with a request handler specification.
+ *
+ * @author mortent
+ */
+public interface RequestHandlerWithSpec extends RequestHandler {
+
+    /**
+     *
+     * @return handler specification
+     */
+    default RequestHandlerSpec requestHandlerSpec() {
+        return RequestHandlerSpec.DEFAULT_INSTANCE;
+    }
+}
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/RequestView.java b/container-core/src/main/java/com/yahoo/container/jdisc/RequestView.java
new file mode 100644
index 00000000000..51a5fdc8959
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/RequestView.java
@@ -0,0 +1,18 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.container.jdisc;
+
+import com.yahoo.jdisc.http.HttpRequest;
+
+import java.net.URI;
+
+/**
+ * Read-only view of the request
+ *
+ * @author mortent
+ */
+public interface RequestView {
+    HttpRequest.Method method();
+
+    URI uri();
+}
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/ThreadedRequestHandler.java b/container-core/src/main/java/com/yahoo/container/jdisc/ThreadedRequestHandler.java
index 446ee90c205..0b05f58f75e 100644
--- a/container-core/src/main/java/com/yahoo/container/jdisc/ThreadedRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/ThreadedRequestHandler.java
@@ -35,7 +35,7 @@ import java.util.logging.Logger;
  *
  * @author Simon Thoresen Hult
  */
-public abstract class ThreadedRequestHandler extends AbstractRequestHandler {
+public abstract class ThreadedRequestHandler extends AbstractRequestHandler implements RequestHandlerWithSpec {
 
     private static final Logger log = Logger.getLogger(ThreadedRequestHandler.class.getName());
     private static final Duration TIMEOUT = Duration.ofSeconds(Integer.parseInt(System.getProperty("ThreadedRequestHandler.timeout", "300")));
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java b/container-core/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
index f7ab399574c..72068bd2dd5 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
@@ -1,6 +1,7 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.filter;
 
+import com.yahoo.container.jdisc.RequestView;
 import com.yahoo.jdisc.HeaderFields;
 import com.yahoo.jdisc.http.Cookie;
 import com.yahoo.jdisc.http.HttpHeaders;
@@ -254,6 +255,19 @@ public abstract class DiscFilterRequest {
         }
     }
 
+    public RequestView asRequestView() {
+        return new RequestView() {
+            @Override
+            public HttpRequest.Method method() {
+                return HttpRequest.Method.valueOf(getMethod());
+            }
+
+            @Override
+            public URI uri() {
+                return getUri();
+            }
+        };
+    }
 
     public List<Cookie> getCookies() {
         return parent.decodeCookieHeader();
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/FilteringRequestHandler.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/FilteringRequestHandler.java
index a487b63ef10..0d94701f794 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/FilteringRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/FilteringRequestHandler.java
@@ -2,6 +2,8 @@
 package com.yahoo.jdisc.http.server.jetty;
 
 import com.google.common.base.Preconditions;
+import com.yahoo.container.jdisc.RequestHandlerSpec;
+import com.yahoo.container.jdisc.RequestHandlerWithSpec;
 import com.yahoo.jdisc.Request;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.handler.AbstractRequestHandler;
@@ -65,6 +67,11 @@ class FilteringRequestHandler extends AbstractRequestHandler {
             throw new BindingNotFoundException(request.getUri());
         }
 
+        if (resolvedRequestHandler instanceof RequestHandlerWithSpec) {
+            RequestHandlerSpec requestHandlerSpec = ((RequestHandlerWithSpec) resolvedRequestHandler).requestHandlerSpec();
+            request.context().put(RequestHandlerSpec.ATTRIBUTE_NAME, requestHandlerSpec);
+        }
+
         RequestHandler requestHandler = new ReferenceCountingRequestHandler(resolvedRequestHandler);
 
         ResponseHandler responseHandler;
author	Morten Tokle <mortent@verizonmedia.com>	2021-04-15 11:58:21 +0200
committer	Morten Tokle <mortent@verizonmedia.com>	2021-04-15 12:01:30 +0200
commit	96c2e442cbb798f0c85990d3f0c760c60ee9a5b3 (patch)
tree	3e3559545df8686955d083b65eb239baa8c09505 /container-core/src/main/java
parent	81fad70d16a8494ce0464af6ee4ba9c0e12f6a6e (diff)