author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-11-22 10:58:00 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-22 10:58:00 +0100 |
commit | 2e9b3ba2289336e752464ad25c8e6033297cdbbb (patch) | |
tree | 9538b768fae07e9c41b2eeff180782272bd6896c /controller-server | |
parent | 415c822541d42ff794ab84308d5017ade63cee58 (diff) |
Revert "Bjorncs/controller security filters"
Diffstat (limited to 'controller-server')
5 files changed, 44 insertions, 20 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 26495178c9b..49da3867f76 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -71,6 +71,7 @@ import com.yahoo.vespa.hosted.controller.restapi.MessageResponse;
 import com.yahoo.vespa.hosted.controller.restapi.ResourceResponse;
 import com.yahoo.vespa.hosted.controller.restapi.SlimeJsonResponse;
 import com.yahoo.vespa.hosted.controller.restapi.StringResponse;
+import com.yahoo.vespa.hosted.controller.restapi.filter.SetBouncerPassthruHeaderFilter;
 import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
 import com.yahoo.vespa.hosted.controller.tenant.Tenant;
 import com.yahoo.vespa.hosted.controller.tenant.UserTenant;
@@ -168,6 +169,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 if (path.matches("/application/v4/tenant-pipeline")) return tenantPipelines();
 if (path.matches("/application/v4/athensDomain")) return athenzDomains(request);
 if (path.matches("/application/v4/property")) return properties();
+ if (path.matches("/application/v4/cookiefreshness")) return cookieFreshness(request);
 if (path.matches("/application/v4/tenant/{tenant}")) return tenant(path.get("tenant"), request);
 if (path.matches("/application/v4/tenant/{tenant}/application")) return applications(path.get("tenant"), request);
 if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return application(path.get("tenant"), path.get("application"), request);
@@ -242,7 +244,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { private HttpResponse root(HttpRequest request) { return recurseOverTenants(request) ? recursiveRoot(request) - : new ResourceResponse(request, "user", "tenant", "tenant-pipeline", "athensDomain", "property"); + : new ResourceResponse(request, "user", "tenant", "tenant-pipeline", "athensDomain", "property", "cookiefreshness"); } private HttpResponse authenticatedUser(HttpRequest request) { @@ -314,6 +316,14 @@ public class ApplicationApiHandler extends LoggingRequestHandler { return new SlimeJsonResponse(slime); } + private HttpResponse cookieFreshness(HttpRequest request) { + Slime slime = new Slime(); + String passThruHeader = request.getHeader(SetBouncerPassthruHeaderFilter.BOUNCER_PASSTHRU_HEADER_FIELD); + slime.setObject().setBool("shouldRefreshCookie", + ! SetBouncerPassthruHeaderFilter.BOUNCER_PASSTHRU_COOKIE_OK.equals(passThruHeader)); + return new SlimeJsonResponse(slime); + } + private HttpResponse tenant(String tenantName, HttpRequest request) { return controller.tenants().tenant(TenantName.from(tenantName)) .map(tenant -> tenant(tenant, request, true)) diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java deleted file mode 100644 index 4739df26604..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java +++ /dev/null 
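Review bot: `cookieFreshness` in ApplicationApiHandler derives `shouldRefreshCookie` from a request header, `request.getHeader(SetBouncerPassthruHeaderFilter.BOUNCER_PASSTHRU_HEADER_FIELD)`, and nothing visible in this commit strips a client-supplied header of that name before the handler runs. SetBouncerPassthruHeaderFilter, added in the same commit, writes the value with `request.addHeader(...)`, which presumably appends rather than replaces, so the value read here may not be the one the filter wrote. Having the filter overwrite the header (DiscFilterRequest appears to offer `setHeaders(name, value)` for this; confirm against the version in use) would keep the signal server-controlled. A short comment on the method, `// A missing or non-"1" header means the cookie should be refreshed`, would also make the fail-safe default explicit.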
@@ -1,19 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.restapi.filter;
-
-import com.yahoo.jdisc.handler.ResponseHandler;
-import com.yahoo.jdisc.http.filter.DiscFilterRequest;
-import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
-
-/**
- * A no-op filter. Used for bindings that are whitelisted and do not require any authorization.
- *
- * @author bjorncs
- */
-@SuppressWarnings("unused") // Injected
-public class NoopFilter implements SecurityRequestFilter {
-
- @Override
- public void filter(DiscFilterRequest request, ResponseHandler handler) {}
-
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java
new file mode 100644
index 00000000000..7ea98528a88
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java
@@ -0,0 +1,27 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.restapi.filter;
+
+import com.yahoo.jdisc.handler.ResponseHandler;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
+import com.yahoo.yolean.chain.After;
+
+/**
+ * @author Stian Kristoffersen
+ */
+@After("BouncerFilter")
+public class SetBouncerPassthruHeaderFilter implements SecurityRequestFilter {
+
+ public static final String BOUNCER_PASSTHRU_ATTRIBUTE = "bouncer.bypassthru";
+ public static final String BOUNCER_PASSTHRU_COOKIE_OK = "1";
+ public static final String BOUNCER_PASSTHRU_HEADER_FIELD = "com.yahoo.hosted.vespa.bouncer.passthru";
+
+ @Override
+ public void filter(DiscFilterRequest request, ResponseHandler handler) {
+ Object statusProperty = request.getAttribute(BOUNCER_PASSTHRU_ATTRIBUTE);
+ String status = Integer.toString((int)statusProperty);
+
+ request.addHeader(BOUNCER_PASSTHRU_HEADER_FIELD, status);
+ }
+
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 33ac089439c..3d0489ab0a1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
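Review bot: In `SetBouncerPassthruHeaderFilter.filter`, the cast `(int)statusProperty` throws a NullPointerException when the `bouncer.bypassthru` attribute is absent and a ClassCastException when it is not an Integer, so a request that reaches this filter without that attribute fails inside the security filter chain. `@After("BouncerFilter")` only orders the filters; whether it guarantees the attribute was set cannot be seen from this hunk. A guard such as `if (!(statusProperty instanceof Integer)) return;` before the conversion leaves the header unset, which ApplicationApiHandler's `cookieFreshness` already reports as `shouldRefreshCookie: true`. The class Javadoc carries only `@author`; add a sentence saying the filter copies the Bouncer status attribute into the `com.yahoo.hosted.vespa.bouncer.passthru` request header and that the attribute is expected to come from BouncerFilter.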
@@ -145,6 +145,9 @@ public class ApplicationApiTest extends ControllerContainerTest { // GET OpsDB properties tester.assertResponse(request("/application/v4/property/", GET).userIdentity(USER_ID), new File("property-list.json")); + // GET cookie freshness + tester.assertResponse(request("/application/v4/cookiefreshness/", GET).userIdentity(USER_ID), + new File("cookiefreshness.json")); // POST (add) a tenant without property ID tester.assertResponse(request("/application/v4/tenant/tenant1", POST) .userIdentity(USER_ID) diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json index 233d35ceb2e..6e4e319d3e1 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json @@ -14,6 +14,9 @@ }, { "url":"http://localhost:8080/application/v4/property/" + }, + { + "url":"http://localhost:8080/application/v4/cookiefreshness/" } ] } |