aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--jrt/src/com/yahoo/jrt/Method.java2
-rw-r--r--jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java5
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/Capability.java3
3 files changed, 9 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java
index 89c66747e0b..e69c6bcd802 100644
--- a/jrt/src/com/yahoo/jrt/Method.java
+++ b/jrt/src/com/yahoo/jrt/Method.java
@@ -40,7 +40,7 @@ public class Method {
private String[] returnName;
private String[] returnDesc;
- private RequestAccessFilter filter = RequestAccessFilter.ALLOW_ALL;
+ private RequestAccessFilter filter = RequireCapabilitiesFilter.unclassified();
private static final String undocumented = "???";
diff --git a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
index 9bb497e96ed..90cc19880f0 100644
--- a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
+++ b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java
@@ -10,6 +10,9 @@ import com.yahoo.security.tls.MissingCapabilitiesException;
*/
public class RequireCapabilitiesFilter implements RequestAccessFilter {
+ private static final RequireCapabilitiesFilter UNCLASSIFIED =
+ new RequireCapabilitiesFilter(Capability.RPC_UNCLASSIFIED);
+
private final CapabilitySet requiredCapabilities;
public RequireCapabilitiesFilter(CapabilitySet requiredCapabilities) {
@@ -20,6 +23,8 @@ public class RequireCapabilitiesFilter implements RequestAccessFilter {
this(CapabilitySet.from(requiredCapabilities));
}
+ public static RequireCapabilitiesFilter unclassified() { return UNCLASSIFIED; }
+
@Override
public boolean allow(Request r) {
try {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
index 17f5d3d1421..502c0511b93 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
@@ -8,6 +8,9 @@ import java.util.Arrays;
*/
public enum Capability implements ToCapabilitySet {
NONE("vespa.none"), // placeholder for no capabilities
+ HTTP_UNCLASSIFIED("vespa.http.unclassified"),
+ RESTAPI_UNCLASSIFIED("vespa.restapi.unclassified"),
+ RPC_UNCLASSIFIED("vespa.rpc.unclassified"),
CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API("vespa.content.cluster_controller.internal_state_api"),
CONTENT__DOCUMENT_API("vespa.content.document_api"),
CONTENT__METRICS_API("vespa.content.metrics_api"),