author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-14 09:45:41 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-14 09:45:54 +0100 |
commit | 2bbc49b697aa9636c4121aefd20487a2c16c839a (patch) | |
tree | 4ff1905c3aee5071e4176c515fab108b79c0d50b /container-core | |
parent | 5bd805e119093ef5a29abe0ccdacceed3a6df777 (diff) |
Require capabilities for built-in request handlers
Diffstat (limited to 'container-core')
4 files changed, 17 insertions, 8 deletions
diff --git a/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java b/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
index 71e5e8db3e5..ab57f654294 100644
--- a/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
+++ b/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
@@ -7,8 +7,11 @@ import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
+import com.yahoo.container.jdisc.RequestView;
 import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
 import com.yahoo.restapi.Path;
+import com.yahoo.security.tls.Capability;
 import java.net.URI;
 import java.time.Duration;
@@ -26,7 +29,7 @@ import static java.util.logging.Level.WARNING;
 /**
 * @author gjoranv
 */
-public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler {
+public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler implements CapabilityRequiringRequestHandler {
 private static final ObjectMapper jsonMapper = new ObjectMapper();
 private final Duration defaultTimeout;
@@ -42,6 +45,8 @@ public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler {
 protected abstract Optional<HttpResponse> doHandle(URI requestUri, Path apiPath, String consumer);
+ @Override public Capability requiredCapability(RequestView __) { return Capability.METRICSPROXY__METRICS_API; }
+
 @Override
 public Duration getTimeout() {
 return defaultTimeout;
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java b/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
index 629bb29a460..e1ec22bd622 100644
--- a/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
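Review bot: The `requiredCapability` override added in the third `HttpHandlerBase` hunk can itself be overridden by any concrete metrics handler, so the capability guarding an endpoint can change without this file being touched; the same holds for the override added in the last `StateHandler` hunk, since that class is not final. If the capability is meant to be fixed per handler family, `@Override public final Capability requiredCapability(RequestView __)` would make that explicit, though whether existing subclasses already override it cannot be seen from these hunks. A one-line comment such as `// Same capability for every path and method; the request is intentionally ignored.` would also help, because the `__` parameter name alone does not say that ignoring the request is deliberate. Both class bodies continue outside the hunks.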
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
@@ -6,12 +6,13 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.yahoo.component.annotation.Inject;
 import com.yahoo.collections.Tuple2;
 import com.yahoo.component.Vtag;
+import com.yahoo.component.annotation.Inject;
 import com.yahoo.component.provider.ComponentRegistry;
 import com.yahoo.container.core.ApplicationMetadataConfig;
-import com.yahoo.container.logging.LevelsModSpec;
+import com.yahoo.container.jdisc.RequestView;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
 import com.yahoo.jdisc.Request;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.Timer;
@@ -21,6 +22,7 @@ import com.yahoo.jdisc.handler.ContentChannel;
 import com.yahoo.jdisc.handler.ResponseDispatch;
 import com.yahoo.jdisc.handler.ResponseHandler;
 import com.yahoo.jdisc.http.HttpHeaders;
+import com.yahoo.security.tls.Capability;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
@@ -40,7 +42,7 @@ import static com.yahoo.container.jdisc.state.JsonUtil.sanitizeDouble;
 *
 * @author Simon Thoresen Hult
 */
-public class StateHandler extends AbstractRequestHandler {
+public class StateHandler extends AbstractRequestHandler implements CapabilityRequiringRequestHandler {
 private static final ObjectMapper jsonMapper = new ObjectMapper();
@@ -66,6 +68,8 @@ public class StateHandler extends AbstractRequestHandler {
 snapshotProvider = getSnapshotProviderOrThrow(snapshotProviders);
 }
+ @Override public Capability requiredCapability(RequestView __) { return Capability.CONTAINER__STATE_API; }
+
 static SnapshotProvider getSnapshotProviderOrThrow(ComponentRegistry<SnapshotProvider> preprocessors) {
 List<SnapshotProvider> allPreprocessors = preprocessors.allComponents();
 if (allPreprocessors.size() > 0) {
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java b/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
index abb30ba2544..695cf1cff4a 100644
--- a/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
@@ -11,9 +11,9 @@ import com.yahoo.security.tls.CapabilitySet;
 * @author bjorncs
 */
 public interface CapabilityRequiringRequestHandler extends RequestHandler {
+ Capability DEFAULT_REQUIRED_CAPABILITY = Capability.HTTP_UNCLASSIFIED;
- CapabilitySet DEFAULT_REQUIRED_CAPABILITIES = CapabilitySet.of(Capability.HTTP_UNCLASSIFIED);
-
- default CapabilitySet requiredCapabilities(RequestView req) { return DEFAULT_REQUIRED_CAPABILITIES; }
+ default CapabilitySet requiredCapabilities(RequestView req) { return requiredCapability(req).toCapabilitySet(); }
+ default Capability requiredCapability(RequestView req) { return DEFAULT_REQUIRED_CAPABILITY; }
 }
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
index d298f11860c..dde864704cb 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
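Review bot: The interface in `CapabilityRequiringRequestHandler.java` now has two overridable defaults and does not say which one is authoritative. The enforcing handler calls `requiredCapabilities`, so an implementer that overrides it turns any `requiredCapability` override into dead code, and a `requiredCapability` that returns null throws inside `requiredCapabilities` instead of producing a defined denial. I would add Javadoc on `requiredCapability` along the lines of `/** Single capability required for the request; never null. Ignored if requiredCapabilities is overridden. */`. Removing `DEFAULT_REQUIRED_CAPABILITIES` from a public interface also breaks any implementer outside this diff that referenced it; only the one use in `CapabilityEnforcingRequestHandler` is updated here.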
@@ -42,7 +42,7 @@ class CapabilityEnforcingRequestHandler implements DelegatedRequestHandler {
 DelegatedRequestHandler.resolve(CapabilityRequiringRequestHandler.class, wrapped).orElse(null);
 var requiredCapabilities = capabilityRequiringHandler != null
 ? capabilityRequiringHandler.requiredCapabilities(new View(req))
- : CapabilityRequiringRequestHandler.DEFAULT_REQUIRED_CAPABILITIES;
+ : CapabilityRequiringRequestHandler.DEFAULT_REQUIRED_CAPABILITY.toCapabilitySet();
 var authCtx = Optional.ofNullable(req.context().get(RequestUtils.JDISC_REQUEST_SSLSESSION))
 .flatMap(s -> TransportSecurityUtils.getConnectionAuthContext((SSLSession) s))
 .orElse(null); |
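Review bot: The fallback branch of the ternary applies `HTTP_UNCLASSIFIED` whenever `DelegatedRequestHandler.resolve` finds no `CapabilityRequiringRequestHandler` in the chain, and it does so silently. A handler such as `StateHandler` that is wrapped by something which does not expose its delegate would presumably be checked against the default rather than its own capability; this is inferred from the visible lines only, as the rest of the method is outside the hunk. A comment such as `// No capability-aware handler in the delegate chain: fall back to the default capability` plus a test that wraps one of the newly annotated handlers would pin the intended behaviour. Minor: `DEFAULT_REQUIRED_CAPABILITY.toCapabilitySet()` is now evaluated per request where the old code reused a constant set.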