diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-09 17:11:18 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-09 17:11:18 +0100 |
commit | 3014e3e42ce93ec638eda67d0fd0c40f68431707 (patch) | |
tree | cbc4b587293c97e8d88dcc6bdf3bc0407693404b /jrt/src | |
parent | cf2673c4494f233c086dc54d747a377474801fb9 (diff) |
Define required capabilities for existing JRT RPC methods
Diffstat (limited to 'jrt/src')
-rw-r--r-- | jrt/src/com/yahoo/jrt/Method.java | 9 | ||||
-rw-r--r-- | jrt/src/com/yahoo/jrt/slobrok/api/Register.java | 3 | ||||
-rw-r--r-- | jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java | 4 |
3 files changed, 16 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java index e69c6bcd802..a5e5e7280d9 100644 --- a/jrt/src/com/yahoo/jrt/Method.java +++ b/jrt/src/com/yahoo/jrt/Method.java @@ -2,6 +2,9 @@ package com.yahoo.jrt; +import com.yahoo.security.tls.Capability; +import com.yahoo.security.tls.CapabilitySet; + /** * <p>A Method encapsulates the reflective information about a single RPC * method.</p> @@ -150,6 +153,12 @@ public class Method { } public Method requestAccessFilter(RequestAccessFilter filter) { this.filter = filter; return this; } + public Method requireCapabilities(Capability... capabilities) { return requireCapabilities(CapabilitySet.from(capabilities)); } + public Method requireCapabilities(CapabilitySet capabilities) { + if (filter != null) throw new IllegalStateException(); + filter = new RequireCapabilitiesFilter(capabilities); + return this; + } public RequestAccessFilter requestAccessFilter() { return filter; } diff --git a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java index e529dea2eff..6c8ffd21d91 100644 --- a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java +++ b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java @@ -14,6 +14,7 @@ import com.yahoo.jrt.Target; import com.yahoo.jrt.Task; import com.yahoo.jrt.TransportThread; import com.yahoo.jrt.Values; +import com.yahoo.security.tls.Capability; import java.time.Duration; import java.util.ArrayList; @@ -97,6 +98,7 @@ public class Register { handleRpcList(req); } }) + .requireCapabilities(Capability.CLIENT__SLOBROK_API) .methodDesc("List rpcserver names") .returnDesc(0, "names", "The rpcserver names this server wants to serve"); @@ -107,6 +109,7 @@ public class Register { handleRpcUnreg(req); } }) + .requireCapabilities(Capability.CLIENT__SLOBROK_API) .methodDesc("Notify a server about removed registration") .paramDesc(0, "name", "RpcServer name"); orb.addMethod(m_unreg); diff --git a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java index 5fd8beb3cc7..ca27e34b986 100644 --- a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java +++ b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java @@ -16,6 +16,7 @@ import com.yahoo.jrt.Target; import com.yahoo.jrt.TargetWatcher; import com.yahoo.jrt.Task; import com.yahoo.jrt.Transport; +import com.yahoo.security.tls.Capability; import java.time.Duration; import java.util.ArrayList; @@ -137,6 +138,7 @@ public class Slobrok { rpc_register(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Register a rpcserver") .paramDesc(0, "name", "RpcServer name") .paramDesc(1, "spec", "The connection specification")); @@ -146,6 +148,7 @@ public class Slobrok { rpc_unregister(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Unregister a rpcserver") .paramDesc(0, "name", "RpcServer name") .paramDesc(1, "spec", "The connection specification")); @@ -156,6 +159,7 @@ public class Slobrok { rpc_fetchIncremental(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Fetch or update mirror of name to spec map") .paramDesc(0, "gencnt", "generation already known by client") .paramDesc(1, "timeout", "How many milliseconds to wait for changes" |