author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-09 11:29:36 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-09 11:29:36 +0200 |
commit | 5b23cba3f2bc7cda5c6eced3267c75198da9904a (patch) | |
tree | e75a59f02e1ddfb0e7aa941a53bfc95f32905bbb /jdisc-security-filters/src/main/java/com/yahoo | |
parent | c3667718a63a8703bf62833dcb92b7ad5422d0cc (diff) |
Move LocalhostFilter and NoopFilter to jdisc-security-filters
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo')
2 files changed, 53 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilter.java
new file mode 100644
index 00000000000..1623128fac2
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilter.java
@@ -0,0 +1,33 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.filter.security.misc;
+
+import com.google.common.net.InetAddresses;
+import com.yahoo.jdisc.Response;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.security.base.JsonSecurityRequestFilterBase;
+
+import java.net.InetAddress;
+import java.util.Optional;
+
+/**
+ * A security filter that only allows self-originating requests.
+ *
+ * @author mpolden
+ * @author bjorncs
+ */
+@SuppressWarnings("unused") // Injected
+public class LocalhostFilter extends JsonSecurityRequestFilterBase {
+
+ @Override
+ protected Optional<ErrorResponse> filter(DiscFilterRequest request) {
+ InetAddress remoteAddr = InetAddresses.forString(request.getRemoteAddr());
+ if (!remoteAddr.isLoopbackAddress() && !request.getRemoteAddr().equals(request.getLocalAddr())) {
+ return Optional.of(new ErrorResponse(
+ Response.Status.UNAUTHORIZED,
+ String.format("%s %s denied for %s: Unauthorized host", request.getMethod(),
+ request.getUri().getPath(), request.getRemoteAddr())));
+ }
+ return Optional.empty();
+ }
+
+}
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/NoopFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/NoopFilter.java
new file mode 100644
index 00000000000..cb1130e8825
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/NoopFilter.java
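Review bot: `InetAddresses.forString(request.getRemoteAddr())` in `filter` throws `IllegalArgumentException` for anything that is not a plain IP literal, so an unexpected address string would surface as an unhandled exception rather than the filter's own deny response; catching it and returning the same `ErrorResponse` keeps the filter failing closed in a controlled way. The allow decision also rests entirely on `getRemoteAddr()` being the socket peer address, which is not visible from this hunk; if a deployment puts a reverse proxy on the same host, every request would look like loopback and pass, so the class Javadoc should state that assumption, e.g. `Must only be bound where the remote address is the actual TCP peer, not a local proxy.` The second test compares address strings, and the same IPv6 address can have more than one textual form, so comparing the parsed `remoteAddr` against a parsed local address would avoid false denials. Denying by source host is not an authentication challenge, so `Response.Status.FORBIDDEN` would describe the outcome better than `Response.Status.UNAUTHORIZED`.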
@@ -0,0 +1,20 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.filter.security.misc;
+
+import com.yahoo.jdisc.handler.ResponseHandler;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
+
+/**
+ * A no-op filter. Used for bindings that are whitelisted and do not require any authorization.
+ *
+ * @author mpolden
+ */
+@SuppressWarnings("unused") // Injected
+public class NoopFilter implements SecurityRequestFilter {
+
+ @Override
+ public void filter(DiscFilterRequest request, ResponseHandler handler) {
+ }
+
+} |