Custom acl mapping

author: Morten Tokle <mortent@verizonmedia.com> 2021-04-15 11:58:21 +0200
committer: Morten Tokle <mortent@verizonmedia.com> 2021-04-15 12:01:30 +0200
commit: 96c2e442cbb798f0c85990d3f0c760c60ee9a5b3 (patch)
tree: 3e3559545df8686955d083b65eb239baa8c09505 /jdisc-security-filters
parent: 81fad70d16a8494ce0464af6ee4ba9c0e12f6a6e (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
index 56dd3bcbf5b..dd4b62ee494 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
@@ -83,7 +83,7 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase {
     public Optional<ErrorResponse> filter(DiscFilterRequest request) {
         try {
             Optional<ResourceNameAndAction> resourceMapping =
-                    requestResourceMapper.getResourceNameAndAction(request.getMethod(), request.getRequestURI(), request.getQueryString());
+                    requestResourceMapper.getResourceNameAndAction(request);
             log.log(Level.FINE, () -> String.format("Resource mapping for '%s': %s", request, resourceMapping));
             if (resourceMapping.isEmpty()) {
                 incrementAcceptedMetrics(request, false);
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
index 0bf000efc00..56c52bd71c4 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/RequestResourceMapper.java
@@ -1,6 +1,7 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.filter.security.athenz;
 
+import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 
 import java.util.Optional;
@@ -17,6 +18,13 @@ public interface RequestResourceMapper {
      */
     Optional<ResourceNameAndAction> getResourceNameAndAction(String method, String uriPath, String uriQuery);
 
+    /**
+     * @return A resource name + action to use for access control, empty if no access control should be performed.
+     */
+    default Optional<ResourceNameAndAction> getResourceNameAndAction(DiscFilterRequest request) {
+        return getResourceNameAndAction(request.getMethod(), request.getRequestURI(), request.getQueryString());
+    }
+
     class ResourceNameAndAction {
         private final AthenzResourceName resourceName;
         private final String action;
author	Morten Tokle <mortent@verizonmedia.com>	2021-04-15 11:58:21 +0200
committer	Morten Tokle <mortent@verizonmedia.com>	2021-04-15 12:01:30 +0200
commit	96c2e442cbb798f0c85990d3f0c760c60ee9a5b3 (patch)
tree	3e3559545df8686955d083b65eb239baa8c09505 /jdisc-security-filters
parent	81fad70d16a8494ce0464af6ee4ba9c0e12f6a6e (diff)