authorBjørn Christian Seime <bjorn.christian@seime.no>2018-04-25 13:48:10 +0200
committerGitHub <noreply@github.com>2018-04-25 13:48:10 +0200
commite2d4b112ef1308ea1e03c22e91e8dae561071f81 (patch)
treea0c61bd39868b2f32eed7b48c411058372b56bfd /controller-server
parente050d9611ae75ef0d887d1a34593b08a6c85d4ab (diff)
parent1ff6812d0b8c012129439307eb486fda763fc8d4 (diff)
Merge pull request #5694 from vespa-engine/bjorncs/json-security-filter-base
Bjorncs/json security filter base
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java2
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java2
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java2
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java10
4 files changed, 8 insertions, 8 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
index e3df55a9c85..5166f53c6d2 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
@@ -58,7 +58,7 @@ public class AthenzPrincipalFilter extends CorsRequestFilterBase {
}
@Override
- public Optional<ErrorResponse> filter(DiscFilterRequest request) {
+ public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
try {
Optional<AthenzPrincipal> certificatePrincipal = getClientCertificate(request)
.map(AthenzIdentities::from)
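Review bot: The renamed override `filterRequest` has no Javadoc stating its return contract, which is the security-relevant part of an authentication filter. Judging by the `return Optional.empty()` on the OPTIONS path and the whitelisted-method path in the two other filters touched by this commit, an empty result lets the request through and a present `ErrorResponse` rejects it. I would add `/** Returns the error to reject the request with, or empty to let the request pass. */` above the `@Override` here and on the same method in UserAuthWithAthenzPrincipalFilter and ControllerAuthorizationFilter. The method body continues outside the hunk, so how failures inside the `try` map onto that contract is not visible here and should be confirmed when writing the comment.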
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java
index 909051dcefc..910cf05b156 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java
@@ -48,7 +48,7 @@ public class UserAuthWithAthenzPrincipalFilter extends AthenzPrincipalFilter {
}
@Override
- public Optional<ErrorResponse> filter(DiscFilterRequest request) {
+ public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
if (request.getMethod().equals("OPTIONS")) return Optional.empty(); // Skip authentication on OPTIONS - required for Javascript CORS
try {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 41b4091f836..0b1b88c4389 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -78,7 +78,7 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
// NOTE: Be aware of the ordering of the path pattern matching. Semantics may change if the patterns are evaluated
// in different order.
@Override
- public Optional<ErrorResponse> filter(DiscFilterRequest request) {
+ public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
Method method = getMethod(request);
if (isWhiteListedMethod(method)) return Optional.empty();
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 22d487628e7..c7a3cf76085 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -746,7 +746,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", POST)
.userIdentity(unauthorizedUser)
.nToken(N_TOKEN),
- "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
+ "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
403);
// (Create it with the right tenant id)
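Review bot: The expected denial body for "Tenant admin or Vespa operator role required" is now a hand-typed literal here and again in the hunks at `@@ -761`, `@@ -781` and `@@ -796`, so the next change to the error format means editing four identical strings. I would hoist it into one constant in the test class, for example `private static final String ACCESS_DENIED = ...;` holding that literal, and pass `ACCESS_DENIED` in each `assertResponse` call. The new `code` field in the body and the status passed as the third argument are also two separately typed numbers. Building the body from the same status value would make a mismatch between body and HTTP status fail for a clear reason rather than as a string diff.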
@@ -761,13 +761,13 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", POST)
.data(entity)
.userIdentity(USER_ID),
- "{\n \"message\" : \"'user.myuser' is not a Screwdriver identity. Only Screwdriver is allowed to deploy to this environment.\"\n}",
+ "{\n \"code\" : 403,\n \"message\" : \"'user.myuser' is not a Screwdriver identity. Only Screwdriver is allowed to deploy to this environment.\"\n}",
403);
// Deleting an application for an Athens domain the user is not admin for is disallowed
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", DELETE)
.userIdentity(unauthorizedUser),
- "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
+ "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
403);
// (Deleting it with the right tenant id)
@@ -781,7 +781,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1", PUT)
.data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}")
.userIdentity(unauthorizedUser),
- "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
+ "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
403);
// Change Athens domain
@@ -796,7 +796,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
// Deleting a tenant for an Athens domain the user is not admin for is disallowed
tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE)
.userIdentity(unauthorizedUser),
- "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
+ "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}",
403);
}