authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-09 17:11:18 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-09 17:11:18 +0100
commit3014e3e42ce93ec638eda67d0fd0c40f68431707 (patch)
treecbc4b587293c97e8d88dcc6bdf3bc0407693404b /jrt
parentcf2673c4494f233c086dc54d747a377474801fb9 (diff)
Define required capabilities for existing JRT RPC methods
Diffstat (limited to 'jrt')
-rw-r--r--jrt/src/com/yahoo/jrt/Method.java9
-rw-r--r--jrt/src/com/yahoo/jrt/slobrok/api/Register.java3
-rw-r--r--jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java4
3 files changed, 16 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java
index e69c6bcd802..a5e5e7280d9 100644
--- a/jrt/src/com/yahoo/jrt/Method.java
+++ b/jrt/src/com/yahoo/jrt/Method.java
@@ -2,6 +2,9 @@
package com.yahoo.jrt;
+import com.yahoo.security.tls.Capability;
+import com.yahoo.security.tls.CapabilitySet;
+
/**
* <p>A Method encapsulates the reflective information about a single RPC
* method.</p>
@@ -150,6 +153,12 @@ public class Method {
}
public Method requestAccessFilter(RequestAccessFilter filter) { this.filter = filter; return this; }
+ public Method requireCapabilities(Capability... capabilities) { return requireCapabilities(CapabilitySet.from(capabilities)); }
+ public Method requireCapabilities(CapabilitySet capabilities) {
+ if (filter != null) throw new IllegalStateException();
+ filter = new RequireCapabilitiesFilter(capabilities);
+ return this;
+ }
public RequestAccessFilter requestAccessFilter() { return filter; }
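Review bot: The guard in `requireCapabilities(CapabilitySet)` only works in one direction. It refuses to replace an existing filter, but the `requestAccessFilter(RequestAccessFilter)` setter on the context line above still assigns unconditionally, so a chain that calls `requireCapabilities(...)` first and `requestAccessFilter(...)` afterwards silently drops the capability check. Either apply the same already-set check in the setter (if existing callers allow it) or add Javadoc to both methods stating that they are mutually exclusive and that the later call wins. The bare `throw new IllegalStateException();` also gives no hint of the cause; `throw new IllegalStateException("Request access filter already set");` would make a misconfigured method easier to diagnose. The class body continues outside this hunk, so how a null filter is treated at dispatch time is not visible here.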
diff --git a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java
index e529dea2eff..6c8ffd21d91 100644
--- a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java
+++ b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java
@@ -14,6 +14,7 @@ import com.yahoo.jrt.Target;
import com.yahoo.jrt.Task;
import com.yahoo.jrt.TransportThread;
import com.yahoo.jrt.Values;
+import com.yahoo.security.tls.Capability;
import java.time.Duration;
import java.util.ArrayList;
@@ -97,6 +98,7 @@ public class Register {
handleRpcList(req);
}
})
+ .requireCapabilities(Capability.CLIENT__SLOBROK_API)
.methodDesc("List rpcserver names")
.returnDesc(0, "names",
"The rpcserver names this server wants to serve");
@@ -107,6 +109,7 @@ public class Register {
handleRpcUnreg(req);
}
})
+ .requireCapabilities(Capability.CLIENT__SLOBROK_API)
.methodDesc("Notify a server about removed registration")
.paramDesc(0, "name", "RpcServer name");
orb.addMethod(m_unreg);
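Review bot: Nothing here, or in the previous hunk of this file, explains why these two handlers require `Capability.CLIENT__SLOBROK_API` while the methods in Slobrok.java require `Capability.SLOBROK__API`. A short comment above each call would let a reader check the choice against the intended caller. If the handlers are meant to be invoked by the slobrok server on a registered client, which is only inferred from the method descriptions, it could read `// Invoked by slobrok on this client; the caller must hold CLIENT__SLOBROK_API`. The method construction starts outside the hunk.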
diff --git a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java
index 5fd8beb3cc7..ca27e34b986 100644
--- a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java
+++ b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java
@@ -16,6 +16,7 @@ import com.yahoo.jrt.Target;
import com.yahoo.jrt.TargetWatcher;
import com.yahoo.jrt.Task;
import com.yahoo.jrt.Transport;
+import com.yahoo.security.tls.Capability;
import java.time.Duration;
import java.util.ArrayList;
@@ -137,6 +138,7 @@ public class Slobrok {
rpc_register(req);
}
})
+ .requireCapabilities(Capability.SLOBROK__API)
.methodDesc("Register a rpcserver")
.paramDesc(0, "name", "RpcServer name")
.paramDesc(1, "spec", "The connection specification"));
@@ -146,6 +148,7 @@ public class Slobrok {
rpc_unregister(req);
}
})
+ .requireCapabilities(Capability.SLOBROK__API)
.methodDesc("Unregister a rpcserver")
.paramDesc(0, "name", "RpcServer name")
.paramDesc(1, "spec", "The connection specification"));
@@ -156,6 +159,7 @@ public class Slobrok {
rpc_fetchIncremental(req);
}
})
+ .requireCapabilities(Capability.SLOBROK__API)
.methodDesc("Fetch or update mirror of name to spec map")
.paramDesc(0, "gencnt", "generation already known by client")
.paramDesc(1, "timeout", "How many milliseconds to wait for changes"