diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-09 11:33:48 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-09 15:18:43 +0100 |
commit | 6ef87df07fa0c0ffdd595e39647e8253cb558d92 (patch) | |
tree | 286cd6f444703a9468c68828937d36e8c5cafcc2 /jrt | |
parent | f0f9cee55960f20c0daef33991d01e77abbc8f1c (diff) |
Introduce capbilities for unclassified APIs
Require 'vespa.rpc.unclassified' by default for all JRT APIs
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/Method.java | 2 | ||||
-rw-r--r-- | jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java index 89c66747e0b..e69c6bcd802 100644 --- a/jrt/src/com/yahoo/jrt/Method.java +++ b/jrt/src/com/yahoo/jrt/Method.java @@ -40,7 +40,7 @@ public class Method { private String[] returnName; private String[] returnDesc; - private RequestAccessFilter filter = RequestAccessFilter.ALLOW_ALL; + private RequestAccessFilter filter = RequireCapabilitiesFilter.unclassified(); private static final String undocumented = "???"; diff --git a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java index 9bb497e96ed..90cc19880f0 100644 --- a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java +++ b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java @@ -10,6 +10,9 @@ import com.yahoo.security.tls.MissingCapabilitiesException; */ public class RequireCapabilitiesFilter implements RequestAccessFilter { + private static final RequireCapabilitiesFilter UNCLASSIFIED = + new RequireCapabilitiesFilter(Capability.RPC_UNCLASSIFIED); + private final CapabilitySet requiredCapabilities; public RequireCapabilitiesFilter(CapabilitySet requiredCapabilities) { @@ -20,6 +23,8 @@ public class RequireCapabilitiesFilter implements RequestAccessFilter { this(CapabilitySet.from(requiredCapabilities)); } + public static RequireCapabilitiesFilter unclassified() { return UNCLASSIFIED; } + @Override public boolean allow(Request r) { try { |