author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-05 17:40:52 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-07 11:44:56 +0100 |
commit | b555a9a8d6fd30f46ecf079efb82a44dcd9b67fb (patch) | |
tree | 7d0b3259579437c81440fe0d26ffc7611e6154da /controller-server | |
parent | 5d33ace7434aa22642e236f31296b4b02bda46d8 (diff) |
Move getUserId to Authorizer
Diffstat (limited to 'controller-server')
2 files changed, 12 insertions, 12 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 7eb1a76fa6a..0d03bb27e4d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -237,7 +237,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 private HttpResponse authenticatedUser(HttpRequest request) {
 String userIdString = request.getProperty("userOverride");
 if (userIdString == null)
- userIdString = userFrom(request)
+ userIdString = authorizer.getUserId(request)
 .map(UserId::id)
 .orElseThrow(() -> new ForbiddenException("You must be authenticated or specify userOverride"));
 UserId userId = new UserId(userIdString);
@@ -593,8 +593,8 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 }
 private HttpResponse createUser(HttpRequest request) {
- Optional<UserId> user = userFrom(request);
- if ( ! user.isPresent() ) throw new ForbiddenException("Not authenticated.");
+ Optional<UserId> user = authorizer.getUserId(request);
+ if ( ! user.isPresent() ) throw new ForbiddenException("Not authenticated or not an user.");
 try {
 controller.tenants().createUserTenant(user.get().id());
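Review bot: In the first hunk, `authenticatedUser` accepts the `userOverride` request property as the user id before the authenticated principal is consulted, so the identity this handler reports can be chosen by the caller. Nothing visible in the hunk restricts who may set the override; unless a filter outside this view already does, gate it on the authorizer, for example `if (userIdString != null && ! authorizer.isSuperUser(request)) throw new ForbiddenException("userOverride requires super-user access");`. The method body continues past the hunk, so how `userId` is used afterwards should be checked against the same assumption.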
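Review bot: The new message in `createUser` (second hunk), "Not authenticated or not an user.", has a grammar slip and presumably reaches the client; it should read `throw new ForbiddenException("Not authenticated or not a user.");`. The `isPresent()` check followed by a later `user.get()` could also be folded into a single `orElseThrow`, as `authenticatedUser` does in the first hunk, so the rejection and the unwrap cannot drift apart. The method body continues outside the hunk.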
@@ -865,15 +865,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 }
 }
- private Optional<UserId> userFrom(HttpRequest request) {
- return Optional.of(authorizer.getPrincipal(request))
- .map(AthenzPrincipal::getIdentity)
- .filter(AthenzUser.class::isInstance)
- .map(AthenzUser.class::cast)
- .map(AthenzUser::getName)
- .map(UserId::new);
- }
-
 private void toSlime(Cursor object, Tenant tenant, HttpRequest request, boolean listApplications) {
 object.setString("tenant", tenant.getId().id());
 object.setString("type", tenant.tenantType().name());
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java
index f7bbde60086..28564e92ce3 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java
@@ -76,6 +76,15 @@ public class Authorizer {
 return getPrincipal(request).getNToken();
 }
+ public Optional<UserId> getUserId(HttpRequest request) {
+ return Optional.of(getPrincipal(request))
+ .map(AthenzPrincipal::getIdentity)
+ .filter(AthenzUser.class::isInstance)
+ .map(AthenzUser.class::cast)
+ .map(AthenzUser::getName)
+ .map(UserId::new);
+ }
+
 public boolean isSuperUser(HttpRequest request) {
 // TODO Replace check with membership of a dedicated 'hosted Vespa super-user' role in Vespa's Athenz domain
 return isMemberOfVespaBouncerGroup(request); |
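Review bot: `Optional.of(getPrincipal(request))` in the new `Authorizer.getUserId` throws a NullPointerException if `getPrincipal` ever returns null, so a request without a principal would fail with an unhandled error instead of the empty Optional that both callers turn into a `ForbiddenException`. Whether `getPrincipal` can return null is not visible here; if it can, use `Optional.ofNullable(getPrincipal(request))`. Now that the method is public it should also carry a Javadoc, for example `/** Returns the user id of the request's principal, or empty if the principal's identity is not an AthenzUser. */`, so callers know that empty does not only mean unauthenticated.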