diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-21 17:08:44 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-21 17:08:44 +0200 |
commit | 936301838e68ffb8d5d12de2f53c4b6a3b3f8d68 (patch) | |
tree | c35646a7cdab894963d77ce2f35dd32591993e9e /jrt | |
parent | 6463cfc76701d8fba705b8850075c0ee6b98dcbb (diff) |
Force caller to handle failed capability verification check
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java index 8b7fc3c1a46..9bb497e96ed 100644 --- a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java +++ b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java @@ -3,6 +3,7 @@ package com.yahoo.jrt; import com.yahoo.security.tls.Capability; import com.yahoo.security.tls.CapabilitySet; +import com.yahoo.security.tls.MissingCapabilitiesException; /** * @author bjorncs @@ -21,8 +22,13 @@ public class RequireCapabilitiesFilter implements RequestAccessFilter { @Override public boolean allow(Request r) { - return r.target().connectionAuthContext() - .hasCapabilities(requiredCapabilities, "RPC", r.methodName(), r.target().peerSpec().toString()); + try { + r.target().connectionAuthContext() + .verifyCapabilities(requiredCapabilities, "RPC", r.methodName(), r.target().peerSpec().toString()); + return true; + } catch (MissingCapabilitiesException e) { + return false; + } } } |