Introduce capbilities for unclassified APIs

Require 'vespa.rpc.unclassified' by default for all JRT APIs

2 files changed, 6 insertions, 1 deletions

diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java
index 89c66747e0b..e69c6bcd802 100644
--- a/jrt/src/com/yahoo/jrt/Method.java
+++ b/jrt/src/com/yahoo/jrt/Method.java
@@ -40,7 +40,7 @@ public class Method {
     private String[] returnName;
     private String[] returnDesc;
 
-    private RequestAccessFilter filter = RequestAccessFilter.ALLOW_ALL;
+    private RequestAccessFilter filter = RequireCapabilitiesFilter.unclassified();
 
     private static final String undocumented = "???";
 
diff --git a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
index 9bb497e96ed..90cc19880f0 100644
--- a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
+++ b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
@@ -10,6 +10,9 @@ import com.yahoo.security.tls.MissingCapabilitiesException;
  */
 public class RequireCapabilitiesFilter implements RequestAccessFilter {
 
+    private static final RequireCapabilitiesFilter UNCLASSIFIED =
+            new RequireCapabilitiesFilter(Capability.RPC_UNCLASSIFIED);
+
     private final CapabilitySet requiredCapabilities;
 
     public RequireCapabilitiesFilter(CapabilitySet requiredCapabilities) {
@@ -20,6 +23,8 @@ public class RequireCapabilitiesFilter implements RequestAccessFilter {
         this(CapabilitySet.from(requiredCapabilities));
     }
 
+    public static RequireCapabilitiesFilter unclassified() { return UNCLASSIFIED; }
+
     @Override
     public boolean allow(Request r) {
         try {