diff options
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http')
5 files changed, 76 insertions, 66 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java index 87c6d41c80d..9676b8b1e4a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java @@ -3,13 +3,12 @@ package com.yahoo.vespa.model.container.http; import com.yahoo.component.ComponentId; import com.yahoo.component.ComponentSpecification; +import com.yahoo.config.application.api.DeployLogger; import com.yahoo.vespa.model.container.ApplicationContainerCluster; import com.yahoo.vespa.model.container.ContainerCluster; -import com.yahoo.vespa.model.container.component.BindingPattern; import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent; import com.yahoo.vespa.model.container.component.Handler; import com.yahoo.vespa.model.container.component.Servlet; -import com.yahoo.vespa.model.container.component.SystemBindingPattern; import java.util.ArrayList; import java.util.Collection; @@ -44,12 +43,14 @@ public final class AccessControl { private String domain; private boolean readEnabled = false; private boolean writeEnabled = true; - private final Set<BindingPattern> excludeBindings = new LinkedHashSet<>(); + private final Set<String> excludeBindings = new LinkedHashSet<>(); private Collection<Handler<?>> handlers = Collections.emptyList(); private Collection<Servlet> servlets = Collections.emptyList(); + private final DeployLogger logger; - public Builder(String domain) { + public Builder(String domain, DeployLogger logger) { this.domain = domain; + this.logger = logger; } public Builder readEnabled(boolean readEnabled) { @@ -62,7 +63,7 @@ public final class AccessControl { return this; } - public Builder excludeBinding(BindingPattern binding) { + public Builder excludeBinding(String binding) { this.excludeBindings.add(binding); return this; } @@ -75,32 +76,35 @@ public final class AccessControl { public AccessControl build() { return new AccessControl(domain, writeEnabled, readEnabled, - excludeBindings, servlets, handlers); + excludeBindings, servlets, handlers, logger); } } public final String domain; public final boolean readEnabled; public final boolean writeEnabled; - private final Set<BindingPattern> excludedBindings; + private final Set<String> excludedBindings; private final Collection<Handler<?>> handlers; private final Collection<Servlet> servlets; + private final DeployLogger logger; private AccessControl(String domain, boolean writeEnabled, boolean readEnabled, - Set<BindingPattern> excludedBindings, + Set<String> excludedBindings, Collection<Servlet> servlets, - Collection<Handler<?>> handlers) { + Collection<Handler<?>> handlers, + DeployLogger logger) { this.domain = domain; this.readEnabled = readEnabled; this.writeEnabled = writeEnabled; this.excludedBindings = Collections.unmodifiableSet(excludedBindings); this.handlers = handlers; this.servlets = servlets; + this.logger = logger; } - public List<FilterBinding> getBindings() { + public List<Binding> getBindings() { return Stream.concat(getHandlerBindings(), getServletBindings()) .collect(Collectors.toCollection(ArrayList::new)); } @@ -109,18 +113,18 @@ public final class AccessControl { return cluster.getHandlers().stream().anyMatch(AccessControl::handlerNeedsProtection); } - private Stream<FilterBinding> getHandlerBindings() { + private Stream<Binding> getHandlerBindings() { return handlers.stream() .filter(this::shouldHandlerBeProtected) .flatMap(handler -> handler.getServerBindings().stream()) - .map(binding -> accessControlBinding(binding)); + .map(binding -> accessControlBinding(binding, logger)); } - private Stream<FilterBinding> getServletBindings() { + private Stream<Binding> getServletBindings() { return servlets.stream() .filter(this::shouldServletBeProtected) .flatMap(AccessControl::servletBindings) - .map(binding -> accessControlBinding(binding)); + .map(binding -> accessControlBinding(binding, logger)); } private boolean shouldHandlerBeProtected(Handler<?> handler) { @@ -136,12 +140,12 @@ public final class AccessControl { return servletBindings(servlet).noneMatch(excludedBindings::contains); } - private static FilterBinding accessControlBinding(BindingPattern binding) { - return FilterBinding.create(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding); + private static Binding accessControlBinding(String binding, DeployLogger logger) { + return Binding.create(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding, logger); } - private static Stream<BindingPattern> servletBindings(Servlet servlet) { - return Stream.of(SystemBindingPattern.fromHttpPath("/" + servlet.bindingPath)); + private static Stream<String> servletBindings(Servlet servlet) { + return Stream.of("http://*/").map(protocol -> protocol + servlet.bindingPath); } private static boolean handlerNeedsProtection(Handler<?> handler) { @@ -149,7 +153,7 @@ public final class AccessControl { } private static boolean hasNonMbusBinding(Handler<?> handler) { - return handler.getServerBindings().stream().anyMatch(binding -> ! binding.scheme().equals("mbus")); + return handler.getServerBindings().stream().anyMatch(binding -> ! binding.startsWith("mbus")); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Binding.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Binding.java new file mode 100644 index 00000000000..28f4949f210 --- /dev/null +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Binding.java @@ -0,0 +1,39 @@ +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.model.container.http; + +import com.yahoo.component.ComponentSpecification; +import com.yahoo.config.application.api.DeployLogger; + +import java.util.logging.Level; + +/** + * @author bjorncs + */ +public class Binding { + + private final ComponentSpecification filterId; + private final String binding; + + private Binding(ComponentSpecification filterId, String binding) { + this.filterId = filterId; + this.binding = binding; + } + + public static Binding create(ComponentSpecification filterId, String binding, DeployLogger logger) { + if (binding.startsWith("https://")) { + logger.log(Level.WARNING, String.format("For binding '%s' on '%s': 'https' bindings are deprecated, " + + "use 'http' instead to bind to both http and https traffic.", + binding, filterId)); + } + return new Binding(filterId, binding); + } + + public ComponentSpecification filterId() { + return filterId; + } + + public String binding() { + return binding; + } + +} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/FilterBinding.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/FilterBinding.java deleted file mode 100644 index 8ae06b7cebd..00000000000 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/FilterBinding.java +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.model.container.http; - -import com.yahoo.component.ComponentSpecification; -import com.yahoo.vespa.model.container.component.BindingPattern; - -/** - * @author bjorncs - */ -public class FilterBinding { - - private final ComponentSpecification filterId; - private final BindingPattern binding; - - private FilterBinding(ComponentSpecification filterId, BindingPattern binding) { - this.filterId = filterId; - this.binding = binding; - } - - public static FilterBinding create(ComponentSpecification filterId, BindingPattern binding) { - return new FilterBinding(filterId, binding); - } - - public ComponentSpecification filterId() { - return filterId; - } - - public BindingPattern binding() { - return binding; - } - -} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java index 3155669527a..0fcf7b2d06c 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java @@ -21,7 +21,7 @@ import java.util.concurrent.CopyOnWriteArrayList; public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> implements ServerConfig.Producer { private final FilterChains filterChains; - private final List<FilterBinding> bindings = new CopyOnWriteArrayList<>(); + private final List<Binding> bindings = new CopyOnWriteArrayList<>(); private volatile JettyHttpServer httpServer; private volatile AccessControl accessControl; @@ -64,7 +64,7 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl setHttpServer(null); } - public List<FilterBinding> getBindings() { + public List<Binding> getBindings() { return bindings; } @@ -74,16 +74,16 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl @Override public void getConfig(ServerConfig.Builder builder) { - for (FilterBinding binding : bindings) { + for (Binding binding : bindings) { builder.filter(new ServerConfig.Filter.Builder() .id(binding.filterId().stringValue()) - .binding(binding.binding().patternString())); + .binding(binding.binding())); } } @Override public void validate() { - if (((Collection<FilterBinding>) bindings).isEmpty()) return; + if (((Collection<Binding>) bindings).isEmpty()) return; if (filterChains == null) throw new IllegalArgumentException("Null FilterChains are not allowed when there are filter bindings"); @@ -91,7 +91,7 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl ComponentRegistry<ChainedComponent<?>> filters = filterChains.componentsRegistry(); ComponentRegistry<Chain<Filter>> chains = filterChains.allChains(); - for (FilterBinding binding: bindings) { + for (Binding binding: bindings) { if (filters.getComponent(binding.filterId()) == null && chains.getComponent(binding.filterId()) == null) throw new RuntimeException("Can't find filter " + binding.filterId() + " for binding " + binding.binding()); } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java index 9d5fead7dfb..bfde9b9add1 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java @@ -13,10 +13,9 @@ import com.yahoo.vespa.model.builder.xml.dom.ModelElement; import com.yahoo.vespa.model.builder.xml.dom.VespaDomBuilder; import com.yahoo.vespa.model.container.ApplicationContainerCluster; import com.yahoo.vespa.model.container.Container; -import com.yahoo.vespa.model.container.component.UserBindingPattern; import com.yahoo.vespa.model.container.component.chain.Chain; import com.yahoo.vespa.model.container.http.AccessControl; -import com.yahoo.vespa.model.container.http.FilterBinding; +import com.yahoo.vespa.model.container.http.Binding; import com.yahoo.vespa.model.container.http.FilterChains; import com.yahoo.vespa.model.container.http.Http; import org.w3c.dom.Element; @@ -37,13 +36,13 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> @Override protected Http doBuild(DeployState deployState, AbstractConfigProducer ancestor, Element spec) { FilterChains filterChains; - List<FilterBinding> bindings = new ArrayList<>(); + List<Binding> bindings = new ArrayList<>(); AccessControl accessControl = null; Element filteringElem = XML.getChild(spec, "filtering"); if (filteringElem != null) { filterChains = new FilterChainsBuilder().build(deployState, ancestor, filteringElem); - bindings = readFilterBindings(filteringElem); + bindings = readFilterBindings(filteringElem, deployState.getDeployLogger()); Element accessControlElem = XML.getChild(filteringElem, "access-control"); if (accessControlElem != null) { @@ -64,7 +63,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> private AccessControl buildAccessControl(DeployState deployState, AbstractConfigProducer ancestor, Element accessControlElem) { AthenzDomain domain = getAccessControlDomain(deployState, accessControlElem); - AccessControl.Builder builder = new AccessControl.Builder(domain.value()); + AccessControl.Builder builder = new AccessControl.Builder(domain.value(), deployState.getDeployLogger()); getContainerCluster(ancestor).ifPresent(builder::setHandlers); @@ -76,7 +75,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> Element excludeElem = XML.getChild(accessControlElem, "exclude"); if (excludeElem != null) { XML.getChildren(excludeElem, "binding").stream() - .map(xml -> UserBindingPattern.fromPattern(XML.getValue(xml))) + .map(XML::getValue) .forEach(builder::excludeBinding); } return builder.build(); @@ -114,8 +113,8 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> return Optional.of((ApplicationContainerCluster) currentProducer); } - private List<FilterBinding> readFilterBindings(Element filteringSpec) { - List<FilterBinding> result = new ArrayList<>(); + private List<Binding> readFilterBindings(Element filteringSpec, DeployLogger logger) { + List<Binding> result = new ArrayList<>(); for (Element child: XML.getChildren(filteringSpec)) { String tagName = child.getTagName(); @@ -124,7 +123,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> for (Element bindingSpec: XML.getChildren(child, "binding")) { String binding = XML.getValue(bindingSpec); - result.add(FilterBinding.create(chainId, UserBindingPattern.fromPattern(binding))); + result.add(Binding.create(chainId, binding, logger)); } } } |