authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-01-30 12:43:37 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-01-30 13:37:59 +0100
commit23bdf059f1b8345495e0b72f61d30bc15761d4da (patch)
tree402eaa239832bf9b3d479b920fec6ff07ed63626 /jdisc-security-filters/src/main/resources
parenteb4b7b8fcdc7aa5de13c05872a1fdca4076179b9 (diff)
Rewrite AthenzAuthorizationFilter to accept access tokens
Change athenz-authorization-filter.def to have an enum set of enabled credentials. Delegate to ZPE to determine if a certificate is an Athenz role or identity certificate. Introduce various request attributes to propagate result from ZPE.
Diffstat (limited to 'jdisc-security-filters/src/main/resources')
-rw-r--r--jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def6
1 files changed, 3 insertions, 3 deletions
diff --git a/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def
index c60b7a125f8..ab8c4a204df 100644
--- a/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def
+++ b/jdisc-security-filters/src/main/resources/configdefinitions/athenz-authorization-filter.def
@@ -2,7 +2,7 @@
namespace=jdisc.http.filter.security.athenz
# Which credentials to verify. Note: ANY will prioritize token over certificate if both are present.
-credentialsToVerify enum { CERTIFICATE_ONLY, TOKEN_ONLY, ANY } default=ANY
+enabledCredentials[] enum { ROLE_CERTIFICATE, ROLE_TOKEN, ACCESS_TOKEN }
-# Name of header which includes role token. Must be set if 'credentialsTypeRequired' is set to TOKEN_ONLY or ANY.
-roleTokenHeaderName string default=""
+# Name of role token http header
+roleTokenHeaderName string default="Athenz-Role-Token"
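Review bot: The retained comment above `enabledCredentials[]` still describes the removed `credentialsToVerify` setting. It mentions an `ANY` value that is no longer in the enum, so the new field has no accurate documentation. Replace it with something like `# Which credential types the filter verifies (role certificate, role token, access token).` and add, once confirmed against the filter code, which credential wins when a request carries more than one enabled type. The array also declares no default entries in this hunk, so a deployment that never sets it presumably gets an empty list. The filter implementation is not visible here, so confirm that an empty list rejects requests rather than skipping verification, and state that behaviour in the comment.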