diff options
author | Harald Musum <musum@verizonmedia.com> | 2020-01-24 14:17:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-24 14:17:13 +0100 |
commit | 5eb436554c43ccc2d4b97421733b206081b2681d (patch) | |
tree | 78ad0c97295aad5f501bf9ab0072525baddebe43 /jdisc-security-filters/src | |
parent | e2d7d10f664ec221708d051ec754d68fc6cee5b6 (diff) |
Revert "Bjorncs/update zpe"
Diffstat (limited to 'jdisc-security-filters/src')
2 files changed, 7 insertions, 10 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java index 9151aa1b693..74e0ee36959 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java @@ -121,12 +121,11 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase { ZpeCheck<C> accessCheck, Function<C, AthenzPrincipal> principalFactory) { AuthorizationResult authorizationResult = accessCheck.checkAccess(credentials, resAndAction.resourceName(), resAndAction.action()); - if (authorizationResult.type() == AuthorizationResult.Type.ALLOW) { + if (authorizationResult == AuthorizationResult.ALLOW) { request.setUserPrincipal(principalFactory.apply(credentials)); - authorizationResult.matchedRole().ifPresent(role -> request.setUserRoles(new String[] {role.roleName()})); return Optional.empty(); } - return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + authorizationResult.type().getDescription())); + return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + authorizationResult.getDescription())); } private static AthenzPrincipal createPrincipal(X509Certificate certificate) { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index 197ba89f3e3..b81b26d458b 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -5,7 +5,6 @@ import com.yahoo.container.jdisc.RequestHandlerTestDriver; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.vespa.athenz.api.AthenzResourceName; -import com.yahoo.vespa.athenz.api.AthenzRole; import com.yahoo.vespa.athenz.api.ZToken; import com.yahoo.vespa.athenz.zpe.AuthorizationResult; import com.yahoo.vespa.athenz.zpe.Zpe; @@ -15,7 +14,6 @@ import org.mockito.Mockito; import java.security.cert.X509Certificate; import static com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilterConfig.CredentialsToVerify.Enum.ANY; -import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.*; import static java.util.Collections.emptyList; import static org.hamcrest.CoreMatchers.containsString; import static org.junit.Assert.assertEquals; @@ -66,7 +64,7 @@ public class AthenzAuthorizationFilterTest { assertNotNull(response); assertEquals(403, response.getStatus()); String content = responseHandler.readAll(); - assertThat(content, containsString(Type.DENY.getDescription())); + assertThat(content, containsString(AuthorizationResult.DENY.getDescription())); } private static DiscFilterRequest createRequest() { @@ -82,24 +80,24 @@ public class AthenzAuthorizationFilterTest { static class AllowingZpe implements Zpe { @Override public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { - return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename")); + return AuthorizationResult.ALLOW; } @Override public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { - return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename")); + return AuthorizationResult.ALLOW; } } static class DenyingZpe implements Zpe { @Override public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { - return new AuthorizationResult(Type.DENY); + return AuthorizationResult.DENY; } @Override public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { - return new AuthorizationResult(Type.DENY); + return AuthorizationResult.DENY; } } |