author | Morten Tokle <mortent@verizonmedia.com> | 2021-04-15 11:58:21 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-04-15 12:01:30 +0200 |
commit | 96c2e442cbb798f0c85990d3f0c760c60ee9a5b3 (patch) | |
tree | 3e3559545df8686955d083b65eb239baa8c09505 /jdisc-security-filters/src | |
parent | 81fad70d16a8494ce0464af6ee4ba9c0e12f6a6e (diff) |
Custom acl mapping
Diffstat (limited to 'jdisc-security-filters/src')
2 files changed, 9 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
index 56dd3bcbf5b..dd4b62ee494 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
@@ -83,7 +83,7 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase {
 public Optional<ErrorResponse> filter(DiscFilterRequest request) {
 try {
 Optional<ResourceNameAndAction> resourceMapping =
- requestResourceMapper.getResourceNameAndAction(request.getMethod(), request.getRequestURI(), request.getQueryString());
+ requestResourceMapper.getResourceNameAndAction(request);
 log.log(Level.FINE, () -> String.format("Resource mapping for '%s': %s", request, resourceMapping));
 if (resourceMapping.isEmpty()) {
 incrementAcceptedMetrics(request, false);
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
index 0bf000efc00..56c52bd71c4 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
@@ -1,6 +1,7 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.filter.security.athenz;
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import java.util.Optional;
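Review bot: Nothing at this call site says that an empty mapping means the request is accepted with no Athenz access check, which is what the `if (resourceMapping.isEmpty())` branch right below the changed call does. Since the mapper now receives the whole `DiscFilterRequest` instead of only method, path and query, that decision can depend on any client-supplied part of the request, so a comment such as `// empty mapping: request is accepted without an access check` above the branch would make the fail-open path visible to readers. The diffstat for this module shows no test change; a test that a mapper overriding the request-based overload is the one the filter consults would pin the new behaviour. `filter` begins in this hunk but its body continues outside it.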
@@ -17,6 +18,13 @@ public interface RequestResourceMapper {
 */
 Optional<ResourceNameAndAction> getResourceNameAndAction(String method, String uriPath, String uriQuery);
+ /**
+ * @return A resource name + action to use for access control, empty if no access control should be performed.
+ */
+ default Optional<ResourceNameAndAction> getResourceNameAndAction(DiscFilterRequest request) {
+ return getResourceNameAndAction(request.getMethod(), request.getRequestURI(), request.getQueryString());
+ }
+
 class ResourceNameAndAction {
 private final AthenzResourceName resourceName;
 private final String action; |
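Review bot: The Javadoc on the new default `getResourceNameAndAction(DiscFilterRequest)` has only `@return` and does not say how it relates to the three-argument method. I would add `@param request the incoming request` and a sentence stating that the default delegates to the method/path/query overload and that, per the other file in this commit, the filter calls only this overload, so an implementation that overrides it has to keep the two methods consistent. Because an empty result means no access control is performed, the doc should also say that overriders should not return empty on the basis of client-controlled values such as headers alone, and should treat the request as read-only. The interface body continues outside the hunk.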