author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-03-26 13:30:55 +0100 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-03-26 13:30:55 +0100 |
commit | 4518eb24f0786d514ba38c7eeaf2bb7c2b8dd984 (patch) | |
tree | 686c36b2d2176d7263889de63471f55e22d4b70f /controller-server | |
parent | 09ae8c58287ce583c378887cc88c0b6b7dafb7f7 (diff) |
Return error messages, instead of throwing, as per superclass doc
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index add71cd80d2..7298a0a91d0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -5,6 +5,7 @@ import com.google.inject.Inject;
 import com.yahoo.config.provision.ApplicationName;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.TenantName;
+import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.HttpRequest;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.jdisc.http.filter.security.cors.CorsFilterConfig;
@@ -76,7 +77,8 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
 public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
 try {
 Principal principal = request.getUserPrincipal();
- if (principal == null) throw new ForbiddenException("Access denied.");
+ if (principal == null)
+ return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access denied"));
 Path path = new Path(request.getRequestURI());
 Action action = Action.from(HttpRequest.Method.valueOf(request.getMethod()));
 
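Review bot: The new early return on the `principal == null` branch, and the one after the `roles.allows(...)` check in the next hunk (`@@ -86,11 +88,12 @@`), no longer pass through `catch (WebApplicationException e)`, so the `Access denied (%d): %s` WARNING that the old ForbiddenException path produced is not emitted for these denials anymore; the catch now only logs whatever the role resolution or `Action.from` may still throw, presumably. Authorization denials are the entries an operator looks for in this log, so log before each return, e.g. `log.log(LogLevel.WARNING, String.format("Access denied (%d): %s", Response.Status.FORBIDDEN, request.getRequestURI()));`, or move both denials into one private helper that logs and builds the ErrorResponse. The two `Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access denied"))` expressions are otherwise identical, which such a helper would also deduplicate. Note that the null-principal message changes from "Access denied." to "Access denied" in the same hunk; filterRequest continues past the end of the second hunk.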
@@ -86,11 +88,12 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
 return Optional.empty();
 RoleMembership roles = new AthenzRoleResolver(athenz, controller, path).membership(principal);
- if (!roles.allows(action, request.getRequestURI())) {
- throw new ForbiddenException("Access denied");
- }
- return Optional.empty();
- } catch (WebApplicationException e) {
+ if (roles.allows(action, request.getRequestURI()))
+ return Optional.empty();
+
+ return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access denied"));
+ }
+ catch (WebApplicationException e) {
 int statusCode = e.getResponse().getStatus();
 String errorMessage = e.getMessage();
 log.log(LogLevel.WARNING, String.format("Access denied (%d): %s", statusCode, errorMessage));