Revert "Bjorncs/controller security filters"

5 files changed, 44 insertions, 20 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 26495178c9b..49da3867f76 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -71,6 +71,7 @@ import com.yahoo.vespa.hosted.controller.restapi.MessageResponse;
 import com.yahoo.vespa.hosted.controller.restapi.ResourceResponse;
 import com.yahoo.vespa.hosted.controller.restapi.SlimeJsonResponse;
 import com.yahoo.vespa.hosted.controller.restapi.StringResponse;
+import com.yahoo.vespa.hosted.controller.restapi.filter.SetBouncerPassthruHeaderFilter;
 import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
 import com.yahoo.vespa.hosted.controller.tenant.Tenant;
 import com.yahoo.vespa.hosted.controller.tenant.UserTenant;
@@ -168,6 +169,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
         if (path.matches("/application/v4/tenant-pipeline")) return tenantPipelines();
         if (path.matches("/application/v4/athensDomain")) return athenzDomains(request);
         if (path.matches("/application/v4/property")) return properties();
+        if (path.matches("/application/v4/cookiefreshness")) return cookieFreshness(request);
         if (path.matches("/application/v4/tenant/{tenant}")) return tenant(path.get("tenant"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application")) return applications(path.get("tenant"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return application(path.get("tenant"), path.get("application"), request);
@@ -242,7 +244,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
     private HttpResponse root(HttpRequest request) {
         return recurseOverTenants(request)
                 ? recursiveRoot(request)
-                : new ResourceResponse(request, "user", "tenant", "tenant-pipeline", "athensDomain", "property");
+                : new ResourceResponse(request, "user", "tenant", "tenant-pipeline", "athensDomain", "property", "cookiefreshness");
     }
 
     private HttpResponse authenticatedUser(HttpRequest request) {
@@ -314,6 +316,14 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
         return new SlimeJsonResponse(slime);
     }
 
+    private HttpResponse cookieFreshness(HttpRequest request) {
+        Slime slime = new Slime();
+        String passThruHeader = request.getHeader(SetBouncerPassthruHeaderFilter.BOUNCER_PASSTHRU_HEADER_FIELD);
+        slime.setObject().setBool("shouldRefreshCookie",
+                                  ! SetBouncerPassthruHeaderFilter.BOUNCER_PASSTHRU_COOKIE_OK.equals(passThruHeader));
+        return new SlimeJsonResponse(slime);
+    }
+
     private HttpResponse tenant(String tenantName, HttpRequest request) {
         return controller.tenants().tenant(TenantName.from(tenantName))
                          .map(tenant -> tenant(tenant, request, true))
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java
deleted file mode 100644
index 4739df26604..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/NoopFilter.java
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.restapi.filter;
-
-import com.yahoo.jdisc.handler.ResponseHandler;
-import com.yahoo.jdisc.http.filter.DiscFilterRequest;
-import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
-
-/**
- * A no-op filter. Used for bindings that are whitelisted and do not require any authorization.
- *
- * @author bjorncs
- */
-@SuppressWarnings("unused") // Injected
-public class NoopFilter implements SecurityRequestFilter {
-
-    @Override
-    public void filter(DiscFilterRequest request, ResponseHandler handler) {}
-
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java
new file mode 100644
index 00000000000..7ea98528a88
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SetBouncerPassthruHeaderFilter.java
@@ -0,0 +1,27 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.restapi.filter;
+
+import com.yahoo.jdisc.handler.ResponseHandler;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
+import com.yahoo.yolean.chain.After;
+
+/**
+ * @author Stian Kristoffersen
+ */
+@After("BouncerFilter")
+public class SetBouncerPassthruHeaderFilter implements SecurityRequestFilter {
+
+    public static final String BOUNCER_PASSTHRU_ATTRIBUTE = "bouncer.bypassthru";
+    public static final String BOUNCER_PASSTHRU_COOKIE_OK = "1";
+    public static final String BOUNCER_PASSTHRU_HEADER_FIELD = "com.yahoo.hosted.vespa.bouncer.passthru";
+
+    @Override
+    public void filter(DiscFilterRequest request, ResponseHandler handler) {
+        Object statusProperty = request.getAttribute(BOUNCER_PASSTHRU_ATTRIBUTE);
+        String status = Integer.toString((int)statusProperty);
+
+        request.addHeader(BOUNCER_PASSTHRU_HEADER_FIELD, status);
+    }
+
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 33ac089439c..3d0489ab0a1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -145,6 +145,9 @@ public class ApplicationApiTest extends ControllerContainerTest {
         // GET OpsDB properties
         tester.assertResponse(request("/application/v4/property/", GET).userIdentity(USER_ID),
                               new File("property-list.json"));
+        // GET cookie freshness
+        tester.assertResponse(request("/application/v4/cookiefreshness/", GET).userIdentity(USER_ID),
+                              new File("cookiefreshness.json"));
         // POST (add) a tenant without property ID
         tester.assertResponse(request("/application/v4/tenant/tenant1", POST)
                                       .userIdentity(USER_ID)
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
index 233d35ceb2e..6e4e319d3e1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
@@ -14,6 +14,9 @@
     },
     {
       "url":"http://localhost:8080/application/v4/property/"
+    },
+    {
+      "url":"http://localhost:8080/application/v4/cookiefreshness/"
     }
   ]
 }