Revert "Restrict server names accepted per connector"

author: Harald Musum <musum@verizonmedia.com> 2022-10-06 13:11:54 +0200
committer: GitHub <noreply@github.com> 2022-10-06 13:11:54 +0200
commit: 878e46f2d9c59b368b4f88da9dc5920b465eda19 (patch)
tree: 78fc20852c57dfce4102f5ad675016067584d8b6 /container-core
parent: bbb47ccadb603a84b3a9d4e695aa098ea46a25ad (diff)
6 files changed, 46 insertions, 78 deletions
diff --git a/container-core/abi-spec.json b/container-core/abi-spec.json
index 7844282b7e9..5985e79b786 100644
--- a/container-core/abi-spec.json
+++ b/container-core/abi-spec.json
@@ -1236,13 +1236,9 @@
       "public void <init>()",
       "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$ServerName)",
       "public com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder fallback(java.lang.String)",
-      "public com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder allowed(java.lang.String)",
-      "public com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder allowed(java.util.Collection)",
       "public com.yahoo.jdisc.http.ConnectorConfig$ServerName build()"
     ],
-    "fields": [
-      "public java.util.List allowed"
-    ]
+    "fields": []
   },
   "com.yahoo.jdisc.http.ConnectorConfig$ServerName": {
     "superClass": "com.yahoo.config.InnerNode",
@@ -1253,9 +1249,7 @@
     ],
     "methods": [
       "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$ServerName$Builder)",
-      "public java.lang.String fallback()",
-      "public java.util.List allowed()",
-      "public java.lang.String allowed(int)"
+      "public java.lang.String fallback()"
     ],
     "fields": []
   },
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index e59e95a59a7..bf278981b69 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -9,6 +9,7 @@ import com.yahoo.jdisc.http.ssl.impl.DefaultConnectorSsl;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TransportSecurityUtils;
 import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
+import org.eclipse.jetty.http.HttpCompliance;
 import org.eclipse.jetty.http2.server.AbstractHTTP2ServerConnectionFactory;
 import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
 import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
@@ -81,9 +82,16 @@ public class ConnectorFactory {
 
     public ServerConnector createConnector(final Metric metric, final Server server, JettyConnectionLogger connectionLogger,
                                            ConnectionMetricAggregator connectionMetricAggregator) {
-        return new JDiscServerConnector(
+        ServerConnector connector = new JDiscServerConnector(
                 connectorConfig, metric, server, connectionLogger, connectionMetricAggregator,
                 createConnectionFactories(metric).toArray(ConnectionFactory[]::new));
+        connector.setPort(connectorConfig.listenPort());
+        connector.setName(connectorConfig.name());
+        connector.setAcceptQueueSize(connectorConfig.acceptQueueSize());
+        connector.setReuseAddress(connectorConfig.reuseAddress());
+        connector.setIdleTimeout(toMillis(connectorConfig.idleTimeout()));
+        connector.addBean(HttpCompliance.RFC7230);
+        return connector;
     }
 
     private List<ConnectionFactory> createConnectionFactories(Metric metric) {
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscServerConnector.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscServerConnector.java
index 4b297fd5a44..79cdb8f67cf 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscServerConnector.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscServerConnector.java
@@ -3,7 +3,6 @@ package com.yahoo.jdisc.http.server.jetty;
 
 import com.yahoo.jdisc.Metric;
 import com.yahoo.jdisc.http.ConnectorConfig;
-import org.eclipse.jetty.http.HttpCompliance;
 import org.eclipse.jetty.io.ConnectionStatistics;
 import org.eclipse.jetty.server.ConnectionFactory;
 import org.eclipse.jetty.server.Server;
@@ -51,16 +50,8 @@ class JDiscServerConnector extends ServerConnector {
         }
         addBean(connectionLogger);
         addBean(connectionMetricAggregator);
-        setPort(config.listenPort());
-        setName(config.name());
-        setAcceptQueueSize(config.acceptQueueSize());
-        setReuseAddress(config.reuseAddress());
-        setIdleTimeout(toMillis(config.idleTimeout()));
-        addBean(HttpCompliance.RFC7230);
     }
 
-    private static long toMillis(double seconds) { return (long)(seconds * 1000); }
-
     @Override
     protected void configure(final Socket socket) {
         super.configure(socket);
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
index d2811847995..96c5bac335b 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
@@ -14,6 +14,7 @@ import org.eclipse.jetty.http.HttpField;
 import org.eclipse.jetty.jmx.ConnectorServer;
 import org.eclipse.jetty.jmx.MBeanContainer;
 import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
@@ -138,51 +139,43 @@ public class JettyHttpServer extends AbstractServerProvider {
     private HandlerCollection getHandlerCollection(ServerConfig serverConfig,
                                                    List<JDiscServerConnector> connectors,
                                                    ServletHolder jdiscServlet) {
-        HandlerCollection connectorSpecificHandlers = new HandlerCollection();
-        for (JDiscServerConnector connector : connectors) {
-            ServletContextHandler servletContextHandler = createServletContextHandler(connector);
-            servletContextHandler.addServlet(jdiscServlet, "/*");
-
-            List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList());
-            var secureRedirectHandler = new SecuredRedirectHandler(connectorConfigs);
-            secureRedirectHandler.setHandler(servletContextHandler);
-
-            var proxyHandler = new HealthCheckProxyHandler(connectors);
-            proxyHandler.setHandler(secureRedirectHandler);
-
-            var authEnforcer = new TlsClientAuthenticationEnforcer(connectorConfigs);
-            authEnforcer.setHandler(proxyHandler);
-
-            GzipHandler gzipHandler = newGzipHandler(serverConfig);
-            gzipHandler.setHandler(authEnforcer);
-
-            HttpResponseStatisticsCollector statisticsCollector =
-                    new HttpResponseStatisticsCollector(serverConfig.metric().monitoringHandlerPaths(),
-                                                        serverConfig.metric().searchHandlerPaths());
-            statisticsCollector.setHandler(gzipHandler);
-            for (String agent : serverConfig.metric().ignoredUserAgents()) {
-                statisticsCollector.ignoreUserAgent(agent);
-            }
-            StatisticsHandler statisticsHandler = newStatisticsHandler();
-            statisticsHandler.setHandler(statisticsCollector);
+        ServletContextHandler servletContextHandler = createServletContextHandler();
+        servletContextHandler.addServlet(jdiscServlet, "/*");
+
+        List<ConnectorConfig> connectorConfigs = connectors.stream().map(JDiscServerConnector::connectorConfig).collect(toList());
+        var secureRedirectHandler = new SecuredRedirectHandler(connectorConfigs);
+        secureRedirectHandler.setHandler(servletContextHandler);
+
+        var proxyHandler = new HealthCheckProxyHandler(connectors);
+        proxyHandler.setHandler(secureRedirectHandler);
+
+        var authEnforcer = new TlsClientAuthenticationEnforcer(connectorConfigs);
+        authEnforcer.setHandler(proxyHandler);
 
-            connectorSpecificHandlers.addHandler(statisticsHandler);
+        GzipHandler gzipHandler = newGzipHandler(serverConfig);
+        gzipHandler.setHandler(authEnforcer);
+
+        HttpResponseStatisticsCollector statisticsCollector =
+                new HttpResponseStatisticsCollector(serverConfig.metric().monitoringHandlerPaths(),
+                                                    serverConfig.metric().searchHandlerPaths());
+        statisticsCollector.setHandler(gzipHandler);
+        for (String agent : serverConfig.metric().ignoredUserAgents()) {
+            statisticsCollector.ignoreUserAgent(agent);
         }
 
-        return connectorSpecificHandlers;
+        StatisticsHandler statisticsHandler = newStatisticsHandler();
+        statisticsHandler.setHandler(statisticsCollector);
+
+        HandlerCollection handlerCollection = new HandlerCollection();
+        handlerCollection.setHandlers(new Handler[] { statisticsHandler });
+        return handlerCollection;
     }
 
-    private ServletContextHandler createServletContextHandler(JDiscServerConnector connector) {
-        var ctx = new ServletContextHandler(ServletContextHandler.NO_SECURITY | ServletContextHandler.NO_SESSIONS);
-        ctx.setContextPath("/");
-        ctx.setDisplayName(getDisplayName(listenedPorts));
-        List<String> allowedServerNames = connector.connectorConfig().serverName().allowed();
-        if (allowedServerNames.isEmpty()) {
-            ctx.setVirtualHosts(new String[]{"@%s".formatted(connector.getName())});
-        } else {
-            ctx.setVirtualHosts(allowedServerNames.toArray(new String[0]));
-        }
-        return ctx;
+    private ServletContextHandler createServletContextHandler() {
+        ServletContextHandler servletContextHandler = new ServletContextHandler(ServletContextHandler.NO_SECURITY | ServletContextHandler.NO_SESSIONS);
+        servletContextHandler.setContextPath("/");
+        servletContextHandler.setDisplayName(getDisplayName(listenedPorts));
+        return servletContextHandler;
     }
 
     private static String getDisplayName(List<Integer> ports) {
diff --git a/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def b/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
index 5e50be05115..1f4763d32a7 100644
--- a/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
+++ b/container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def
@@ -138,5 +138,3 @@ http2.maxConcurrentStreams int default=4096
 # Override the default server name when authority is missing from request.
 serverName.fallback string default=""
 
-# The list of accepted server names. Empty list to accept any. Elements follows format of 'serverName.default'.
-serverName.allowed[] string
diff --git a/container-core/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpServerTest.java b/container-core/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpServerTest.java
index 318067ac634..2c5d36bd776 100644
--- a/container-core/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpServerTest.java
+++ b/container-core/src/test/java/com/yahoo/jdisc/http/server/jetty/HttpServerTest.java
@@ -743,7 +743,7 @@ public class HttpServerTest {
     }
 
     @Test
-    void fallbackServerNameCanBeOverridden() throws Exception {
+    void requestThatFallbackServerNameCanBeOverridden() throws Exception {
         String fallbackHostname = "myhostname";
         JettyTestDriver driver = JettyTestDriver.newConfiguredInstance(
                 new UriRequestHandler(),
@@ -752,29 +752,13 @@ public class HttpServerTest {
                         .serverName(new ConnectorConfig.ServerName.Builder().fallback(fallbackHostname)));
         int listenPort = driver.server().getListenPort();
         HttpGet req = new HttpGet("http://localhost:" + listenPort + "/");
-        req.setHeader("Host", null);
+        req.addHeader("Host", null);
         driver.client().execute(req)
                 .expectStatusCode(is(OK))
                 .expectContent(containsString("http://" + fallbackHostname + ":" + listenPort + "/"));
         assertTrue(driver.close());
     }
 
-    @Test
-    void acceptedServerNamesCanBeRestricted() throws Exception {
-        String requiredServerName = "myhostname";
-        JettyTestDriver driver = JettyTestDriver.newConfiguredInstance(
-                new EchoRequestHandler(),
-                new ServerConfig.Builder(),
-                new ConnectorConfig.Builder()
-                        .serverName(new ConnectorConfig.ServerName.Builder().allowed(requiredServerName)));
-        int listenPort = driver.server().getListenPort();
-        HttpGet req = new HttpGet("http://localhost:" + listenPort + "/");
-        req.setHeader("Host", requiredServerName);
-        driver.client().execute(req).expectStatusCode(is(OK));
-        driver.client().get("/").expectStatusCode(is(NOT_FOUND));
-        assertTrue(driver.close());
-    }
-
     private static JettyTestDriver createSslWithTlsClientAuthenticationEnforcer(Path certificateFile, Path privateKeyFile) {
         ConnectorConfig.Builder connectorConfig = new ConnectorConfig.Builder()
                 .tlsClientAuthEnforcer(
author	Harald Musum <musum@verizonmedia.com>	2022-10-06 13:11:54 +0200
committer	GitHub <noreply@github.com>	2022-10-06 13:11:54 +0200
commit	878e46f2d9c59b368b4f88da9dc5920b465eda19 (patch)
tree	78fc20852c57dfce4102f5ad675016067584d8b6 /container-core
parent	bbb47ccadb603a84b3a9d4e695aa098ea46a25ad (diff)