author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-04-25 13:48:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-25 13:48:10 +0200 |
commit | e2d4b112ef1308ea1e03c22e91e8dae561071f81 (patch) | |
tree | a0c61bd39868b2f32eed7b48c411058372b56bfd /controller-server | |
parent | e050d9611ae75ef0d887d1a34593b08a6c85d4ab (diff) | |
parent | 1ff6812d0b8c012129439307eb486fda763fc8d4 (diff) |
Merge pull request #5694 from vespa-engine/bjorncs/json-security-filter-base
Bjorncs/json security filter base
Diffstat (limited to 'controller-server')
4 files changed, 8 insertions, 8 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java index e3df55a9c85..5166f53c6d2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java @@ -58,7 +58,7 @@ public class AthenzPrincipalFilter extends CorsRequestFilterBase { } @Override - public Optional<ErrorResponse> filter(DiscFilterRequest request) { + public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) { try { Optional<AthenzPrincipal> certificatePrincipal = getClientCertificate(request) .map(AthenzIdentities::from) diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java index 909051dcefc..910cf05b156 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/UserAuthWithAthenzPrincipalFilter.java @@ -48,7 +48,7 @@ public class UserAuthWithAthenzPrincipalFilter extends AthenzPrincipalFilter { } @Override - public Optional<ErrorResponse> filter(DiscFilterRequest request) { + public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) { if (request.getMethod().equals("OPTIONS")) return Optional.empty(); // Skip authentication on OPTIONS - required for Javascript CORS try { 
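Review bot: The first statement of `UserAuthWithAthenzPrincipalFilter.filterRequest` returns `Optional.empty()` for every request whose method is OPTIONS, not only for CORS preflights, so any OPTIONS request passes this filter without authentication. If the rename means the base class now drives the call (the base class is not visible here), this is a good point to narrow the bypass, for example `if ("OPTIONS".equals(request.getMethod()) && request.getHeader("Access-Control-Request-Method") != null) return Optional.empty();`. Alternatively it could move into `CorsRequestFilterBase`, so that it and the `isWhiteListedMethod` check in `ControllerAuthorizationFilter.filterRequest` follow one rule. The renamed overrides would also benefit from a short doc comment such as `/** Returns an error response to reject the request, or empty to let it through. */`, since an empty result is the allow path. The method body continues outside the hunk, so the rest of the authentication logic is not reviewed here.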
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 41b4091f836..0b1b88c4389 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -78,7 +78,7 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase { // NOTE: Be aware of the ordering of the path pattern matching. Semantics may change if the patterns are evaluated // in different order. @Override - public Optional<ErrorResponse> filter(DiscFilterRequest request) { + public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) { Method method = getMethod(request); if (isWhiteListedMethod(method)) return Optional.empty(); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index 22d487628e7..c7a3cf76085 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -746,7 +746,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", POST) .userIdentity(unauthorizedUser) .nToken(N_TOKEN), - "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", + "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", 403); // (Create it with the right tenant id) 
@@ -761,13 +761,13 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", POST) .data(entity) .userIdentity(USER_ID), - "{\n \"message\" : \"'user.myuser' is not a Screwdriver identity. Only Screwdriver is allowed to deploy to this environment.\"\n}", + "{\n \"code\" : 403,\n \"message\" : \"'user.myuser' is not a Screwdriver identity. Only Screwdriver is allowed to deploy to this environment.\"\n}", 403); // Deleting an application for an Athens domain the user is not admin for is disallowed tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", DELETE) .userIdentity(unauthorizedUser), - "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", + "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", 403); // (Deleting it with the right tenant id) @@ -781,7 +781,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1", PUT) .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}") .userIdentity(unauthorizedUser), - "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", + "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", 403); // Change Athens domain @@ -796,7 +796,7 @@ public class ApplicationApiTest extends ControllerContainerTest { // Deleting a tenant for an Athens domain the user is not admin for is disallowed tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE) .userIdentity(unauthorizedUser), - "{\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", + "{\n \"code\" : 403,\n \"message\" : \"Tenant admin or Vespa operator role required\"\n}", 403); } |