summaryrefslogtreecommitdiffstats
path: root/container-core
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-10-07 14:11:43 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2022-10-07 15:06:37 +0200
commit2305dd06e0db691c0057351d2080d0cee940a1ba (patch)
treedb0a3dcbc5bbb7a0104c47022d45c39fb591049d /container-core
parent851ff1637f82034dd97f6e50806f4e0642e6a656 (diff)
Remove unused http=>https redirect Jetty handler
Diffstat (limited to 'container-core')
-rw-r--r--container-core/abi-spec.json35
-rw-r--r--container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java7
-rw-r--r--container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java7
-rw-r--r--container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java58
-rw-r--r--container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def6
5 files changed, 2 insertions, 111 deletions
diff --git a/container-core/abi-spec.json b/container-core/abi-spec.json
index 5985e79b786..bbee5ffd7da 100644
--- a/container-core/abi-spec.json
+++ b/container-core/abi-spec.json
@@ -1051,8 +1051,6 @@
"public com.yahoo.jdisc.http.ConnectorConfig$Builder healthCheckProxy(java.util.function.Consumer)",
"public com.yahoo.jdisc.http.ConnectorConfig$Builder proxyProtocol(com.yahoo.jdisc.http.ConnectorConfig$ProxyProtocol$Builder)",
"public com.yahoo.jdisc.http.ConnectorConfig$Builder proxyProtocol(java.util.function.Consumer)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Builder secureRedirect(com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Builder secureRedirect(java.util.function.Consumer)",
"public com.yahoo.jdisc.http.ConnectorConfig$Builder maxRequestsPerConnection(int)",
"public com.yahoo.jdisc.http.ConnectorConfig$Builder maxConnectionLife(double)",
"public com.yahoo.jdisc.http.ConnectorConfig$Builder http2Enabled(boolean)",
@@ -1074,7 +1072,6 @@
"public com.yahoo.jdisc.http.ConnectorConfig$TlsClientAuthEnforcer$Builder tlsClientAuthEnforcer",
"public com.yahoo.jdisc.http.ConnectorConfig$HealthCheckProxy$Builder healthCheckProxy",
"public com.yahoo.jdisc.http.ConnectorConfig$ProxyProtocol$Builder proxyProtocol",
- "public com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder secureRedirect",
"public com.yahoo.jdisc.http.ConnectorConfig$Http2$Builder http2",
"public com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder serverName"
]
@@ -1193,37 +1190,6 @@
],
"fields": []
},
- "com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder": {
- "superClass": "java.lang.Object",
- "interfaces": [
- "com.yahoo.config.ConfigBuilder"
- ],
- "attributes": [
- "public"
- ],
- "methods": [
- "public void <init>()",
- "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect)",
- "public com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder enabled(boolean)",
- "public com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder port(int)",
- "public com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect build()"
- ],
- "fields": []
- },
- "com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect": {
- "superClass": "com.yahoo.config.InnerNode",
- "interfaces": [],
- "attributes": [
- "public",
- "final"
- ],
- "methods": [
- "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect$Builder)",
- "public boolean enabled()",
- "public int port()"
- ],
- "fields": []
- },
"com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder": {
"superClass": "java.lang.Object",
"interfaces": [
@@ -1443,7 +1409,6 @@
"public com.yahoo.jdisc.http.ConnectorConfig$TlsClientAuthEnforcer tlsClientAuthEnforcer()",
"public com.yahoo.jdisc.http.ConnectorConfig$HealthCheckProxy healthCheckProxy()",
"public com.yahoo.jdisc.http.ConnectorConfig$ProxyProtocol proxyProtocol()",
- "public com.yahoo.jdisc.http.ConnectorConfig$SecureRedirect secureRedirect()",
"public int maxRequestsPerConnection()",
"public double maxConnectionLife()",
"public boolean http2Enabled()",
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index e59e95a59a7..6282e334409 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -56,7 +56,6 @@ public class ConnectorFactory {
// e.g. due to TLS configuration through environment variables.
private static void runtimeConnectorConfigValidation(ConnectorConfig config) {
validateProxyProtocolConfiguration(config);
- validateSecureRedirectConfig(config);
}
private static void validateProxyProtocolConfiguration(ConnectorConfig config) {
@@ -69,12 +68,6 @@ public class ConnectorFactory {
}
}
- private static void validateSecureRedirectConfig(ConnectorConfig config) {
- if (config.secureRedirect().enabled() && isSslEffectivelyEnabled(config)) {
- throw new IllegalArgumentException("Secure redirect can only be enabled on connectors without HTTPS");
- }
- }
-
public ConnectorConfig getConnectorConfig() {
return connectorConfig;
}
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
index 96c5bac335b..c8b52ceb872 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
@@ -142,13 +142,10 @@ public class JettyHttpServer extends AbstractServerProvider {
ServletContextHandler servletContextHandler = createServletContextHandler();
servletContextHandler.addServlet(jdiscServlet, "/*");
- List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList());
- var secureRedirectHandler = new SecuredRedirectHandler(connectorConfigs);
- secureRedirectHandler.setHandler(servletContextHandler);
-
var proxyHandler = new HealthCheckProxyHandler(connectors);
- proxyHandler.setHandler(secureRedirectHandler);
+ proxyHandler.setHandler(servletContextHandler);
+ List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList());
var authEnforcer = new TlsClientAuthenticationEnforcer(connectorConfigs);
authEnforcer.setHandler(proxyHandler);
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java
deleted file mode 100644
index e5dddf285ef..00000000000
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/SecuredRedirectHandler.java
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.server.jetty;
-
-import com.yahoo.jdisc.http.ConnectorConfig;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.handler.HandlerWrapper;
-import org.eclipse.jetty.util.URIUtil;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import static com.yahoo.jdisc.http.server.jetty.RequestUtils.getConnectorLocalPort;
-
-/**
- * A secure redirect handler inspired by {@link org.eclipse.jetty.server.handler.SecuredRedirectHandler}.
- *
- * @author bjorncs
- */
-class SecuredRedirectHandler extends HandlerWrapper {
-
- private static final String HEALTH_CHECK_PATH = "/status.html";
-
- private final Map<Integer, Integer> redirectMap;
-
- SecuredRedirectHandler(List<ConnectorConfig> connectorConfigs) {
- this.redirectMap = createRedirectMap(connectorConfigs);
- }
-
- @Override
- public void handle(String target, Request request, HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException, ServletException {
- int localPort = getConnectorLocalPort(request);
- if (!redirectMap.containsKey(localPort)) {
- _handler.handle(target, request, servletRequest, servletResponse);
- return;
- }
- servletResponse.setContentLength(0);
- if (!servletRequest.getRequestURI().equals(HEALTH_CHECK_PATH)) {
- servletResponse.sendRedirect(
- URIUtil.newURI("https", request.getServerName(), redirectMap.get(localPort), request.getRequestURI(), request.getQueryString()));
- }
- request.setHandled(true);
- }
-
- private static Map<Integer, Integer> createRedirectMap(List<ConnectorConfig> connectorConfigs) {
- var redirectMap = new HashMap<Integer, Integer>();
- for (ConnectorConfig connectorConfig : connectorConfigs) {
- if (connectorConfig.secureRedirect().enabled()) {
- redirectMap.put(connectorConfig.listenPort(), connectorConfig.secureRedirect().port());
- }
- }
- return redirectMap;
- }
-}
diff --git a/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def b/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
index 1f4763d32a7..c0ad425fcc7 100644
--- a/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
+++ b/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
@@ -116,12 +116,6 @@ proxyProtocol.enabled bool default=false
# Allow https in parallel with proxy protocol
proxyProtocol.mixedMode bool default=false
-# Redirect all requests to https port
-secureRedirect.enabled bool default=false
-
-# Target port for redirect
-secureRedirect.port int default=443
-
# Maximum number of request per connection before server marks connections as non-persistent. Set to '0' to disable.
maxRequestsPerConnection int default=0