author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-20 11:05:02 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-20 11:05:02 +0100 |
commit | 77d99174a91ec901a38a2cd7ff8601ab1e905c57 (patch) | |
tree | a3e36c22c3c6cac032cc8d7a8bf829fb5fb97a73 /controller-server | |
parent | a7eeec951733f0bae567e7443e4c74e89b01aaac (diff) |
Enforce authorization rules in ControllerAuthorizationFilter
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 13707772244..2c6726ef527 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -7,7 +7,6 @@ import com.yahoo.jdisc.handler.ResponseHandler;
 import com.yahoo.jdisc.http.HttpRequest.Method;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
-import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzPrincipal;
 import com.yahoo.vespa.hosted.controller.Controller;
@@ -27,7 +26,6 @@ import javax.ws.rs.WebApplicationException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
-import java.util.logging.Logger;
 import static com.yahoo.jdisc.http.HttpRequest.Method.GET;
 import static com.yahoo.jdisc.http.HttpRequest.Method.HEAD;
@@ -61,7 +59,7 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
 Controller controller,
 EntityService entityService,
 ZoneRegistry zoneRegistry) {
- this(clientFactory, controller, entityService, zoneRegistry, new LoggingAuthorizationResponseHandler());
+ this(clientFactory, controller, entityService, zoneRegistry, new HttpRespondingAuthorizationResponseHandler());
 }
 ControllerAuthorizationFilter(AthenzClientFactory clientFactory,
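Review bot: Passing `new HttpRespondingAuthorizationResponseHandler()` in the public constructor drops the only visible record of a denied request: the handler it replaces logged status, path and caller identity at WARNING, and nothing in this diff shows the responding handler logging anything. If it does not, rejected calls leave no trace on the controller, so neither repeated probing nor a rule that wrongly blocks a legitimate caller can be seen from the logs. I would keep one log line per denial in the responding handler's `handle`, for example `log.log(LogLevel.INFO, "Access denied (" + exception.getResponse().getStatus() + ") for " + request.getRequestURI());`, with CR/LF stripped from the request-derived value, which also means keeping the `LogLevel` and `Logger` imports removed in the first two hunks. The constructor signature starts above this hunk and the handler body lies outside the diff, so this is inferred from the visible lines only.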
@@ -197,25 +195,6 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
 .map(AthenzPrincipal.class::cast);
 }
- private static class LoggingAuthorizationResponseHandler implements AuthorizationResponseHandler {
-
- @SuppressWarnings("LoggerInitializedWithForeignClass")
- private static final Logger log = Logger.getLogger(ControllerAuthorizationFilter.class.getName());
-
- @Override
- public void handle(ResponseHandler responseHandler,
- DiscFilterRequest request,
- WebApplicationException exception) {
- log.log(LogLevel.WARNING,
- String.format("Access denied (%d): '%s'\nPath: %s\nIdentity: %s",
- exception.getResponse().getStatus(),
- exception.getMessage(),
- request.getRequestURI(),
- getPrincipal(request).map(p -> p.getIdentity().getFullName()).orElse("[none]")));
- }
- }
-
- // TODO Use this as default once we are confident that the access control does not block legal operations
 @SuppressWarnings("unused")
 static class HttpRespondingAuthorizationResponseHandler implements AuthorizationResponseHandler {
 @Override |
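Review bot: `@SuppressWarnings("unused")` is left on `HttpRespondingAuthorizationResponseHandler` although this commit makes the public constructor instantiate it, so the suppression is stale and would mask a genuine unused-code warning on the class later; the annotation line should be dropped. With the TODO removed the class also has no comment at all, and since it is now the enforcement point a one-liner such as `// Default handler: answers the request with the status carried by the authorization exception.` would help, assuming that matches the body. The body of `handle` continues past the end of this hunk, so its behaviour is not visible here.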