authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-04-30 14:24:38 +0200
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-05-02 15:09:09 +0200
commitc38c63aa6c32aa04a78494430481a170dbabfb77 (patch)
tree9e656758075d7a972fef5a798964f6abfc831d26 /jdisc-security-filters
parentb896901d16333e3af2a120240c6eeda01f5698ed (diff)
Let AthenzPrincipalFilter inherit JSRFB directly
Diffstat (limited to 'jdisc-security-filters')
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilter.java14
-rw-r--r--jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java8
2 files changed, 6 insertions, 16 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilter.java
index 3c154fa4d89..a30ca654b83 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilter.java
@@ -4,8 +4,7 @@ package com.yahoo.jdisc.http.filter.security.athenz;
import com.google.inject.Inject;
import com.yahoo.jdisc.Response;
import com.yahoo.jdisc.http.filter.DiscFilterRequest;
-import com.yahoo.jdisc.http.filter.security.cors.CorsFilterConfig;
-import com.yahoo.jdisc.http.filter.security.cors.CorsRequestFilterBase;
+import com.yahoo.jdisc.http.filter.security.base.JsonSecurityRequestFilterBase;
import com.yahoo.vespa.athenz.api.AthenzPrincipal;
import com.yahoo.vespa.athenz.api.NToken;
import com.yahoo.vespa.athenz.utils.AthenzIdentities;
@@ -13,10 +12,8 @@ import com.yahoo.vespa.athenz.utils.ntoken.NTokenValidator;
import java.nio.file.Paths;
import java.security.cert.X509Certificate;
-import java.util.HashSet;
import java.util.List;
import java.util.Optional;
-import java.util.Set;
/**
@@ -29,7 +26,7 @@ import java.util.Set;
*
* @author bjorncs
*/
-public class AthenzPrincipalFilter extends CorsRequestFilterBase {
+public class AthenzPrincipalFilter extends JsonSecurityRequestFilterBase {
private static final String RESULT_ATTRIBUTE_PREFIX = "jdisc-security-filters.athenz-principal-filter.result";
public static final String RESULT_ERROR_CODE_ATTRIBUTE = RESULT_ATTRIBUTE_PREFIX + ".error.code";
@@ -41,25 +38,22 @@ public class AthenzPrincipalFilter extends CorsRequestFilterBase {
private final boolean passthroughMode;
@Inject
- public AthenzPrincipalFilter(AthenzPrincipalFilterConfig athenzPrincipalFilterConfig, CorsFilterConfig corsConfig) {
+ public AthenzPrincipalFilter(AthenzPrincipalFilterConfig athenzPrincipalFilterConfig) {
this(new NTokenValidator(Paths.get(athenzPrincipalFilterConfig.athenzConfFile())),
athenzPrincipalFilterConfig.principalHeaderName(),
- new HashSet<>(corsConfig.allowedUrls()),
athenzPrincipalFilterConfig.passthroughMode());
}
AthenzPrincipalFilter(NTokenValidator validator,
String principalTokenHeader,
- Set<String> corsAllowedUrls,
boolean passthroughMode) {
- super(corsAllowedUrls);
this.validator = validator;
this.principalTokenHeader = principalTokenHeader;
this.passthroughMode = passthroughMode;
}
@Override
- public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
+ public Optional<ErrorResponse> filter(DiscFilterRequest request) {
try {
Optional<AthenzPrincipal> certificatePrincipal = getClientCertificate(request)
.map(AthenzIdentities::from)
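Review bot: Nothing in the new code says where allowed-origin handling for this filter's rejections now lives, since the injected constructor no longer takes `CorsFilterConfig` and the `super(corsAllowedUrls)` call is gone. If `CorsRequestFilterBase` added CORS headers to the error responses (its code is not visible here), a browser client would now see an opaque cross-origin failure rather than the filter's 401, and any allowed-URL configuration previously bound to this filter is silently unused. I would record the new contract in the class Javadoc, e.g. `* Does not set CORS headers; add a dedicated CORS filter to the same chain when browser clients are expected.` The body of `filter` continues outside the hunk.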
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java
index 3bbc606cf2b..366dbb79f74 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java
@@ -56,8 +56,6 @@ public class AthenzPrincipalFilterTest {
private static final String ATHENZ_PRINCIPAL_HEADER = "Athenz-Principal-Auth";
private static final AthenzIdentity IDENTITY = AthenzUser.fromUserId("bob");
private static final X509Certificate CERTIFICATE = createSelfSignedCertificate(IDENTITY);
- private static final String ORIGIN = "http://localhost";
- private static final Set<String> CORS_ALLOWED_URLS = singleton(ORIGIN);
private NTokenValidator validator;
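Review bot: The `java.util.Set` import and the static `singleton` import are probably left unused once `ORIGIN` and `CORS_ALLOWED_URLS` are removed here. The diffstat for this file accounts only for the constant, mock and factory changes, so the import block was not touched; any other uses of those names would be outside the visible hunks. Dropping the two imports keeps the test free of leftover CORS references and avoids unused-import warnings.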
@@ -81,9 +79,7 @@ public class AthenzPrincipalFilterTest {
}
private DiscFilterRequest createRequestMock() {
- DiscFilterRequest request = mock(DiscFilterRequest.class);
- when(request.getHeader("Origin")).thenReturn(ORIGIN);
- return request;
+ return mock(DiscFilterRequest.class);
}
@Test
@@ -184,7 +180,7 @@ public class AthenzPrincipalFilterTest {
}
private AthenzPrincipalFilter createFilter(boolean passthroughModeEnabled) {
- return new AthenzPrincipalFilter(validator, ATHENZ_PRINCIPAL_HEADER, CORS_ALLOWED_URLS, passthroughModeEnabled);
+ return new AthenzPrincipalFilter(validator, ATHENZ_PRINCIPAL_HEADER, passthroughModeEnabled);
}
private static void assertUnauthorized(DiscFilterRequest request, ResponseHandlerMock responseHandler, String expectedMessageSubstring) {