summaryrefslogtreecommitdiffstats
path: root/controller-server/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'controller-server/src/main/java')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java25
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java70
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java55
3 files changed, 0 insertions, 150 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java
deleted file mode 100644
index 8a539720a21..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.restapi.filter;
-
-import com.google.common.collect.ImmutableMap;
-
-import java.time.Duration;
-import java.util.Map;
-
-/**
- * @author gv
- */
-public interface AccessControlHeaders {
-
- String CORS_PREFLIGHT_REQUEST_CACHE_TTL = Long.toString(Duration.ofDays(7).getSeconds());
-
- String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
-
- Map<String, String> ACCESS_CONTROL_HEADERS = ImmutableMap.of(
- "Access-Control-Max-Age", CORS_PREFLIGHT_REQUEST_CACHE_TTL,
- "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth",
- "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST",
- "Access-Control-Allow-Credentials", "true"
- );
-
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java
deleted file mode 100644
index 8df4124028e..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.restapi.filter;
-
-import com.google.inject.Inject;
-import com.yahoo.jdisc.Response;
-import com.yahoo.jdisc.handler.ContentChannel;
-import com.yahoo.jdisc.handler.ResponseHandler;
-import com.yahoo.jdisc.http.HttpResponse;
-import com.yahoo.jdisc.http.filter.DiscFilterRequest;
-import com.yahoo.jdisc.http.filter.SecurityRequestFilter;
-import com.yahoo.vespa.hosted.controller.restapi.filter.config.HttpAccessControlConfig;
-import com.yahoo.yolean.chain.After;
-import com.yahoo.yolean.chain.Before;
-import com.yahoo.yolean.chain.Provides;
-
-import java.util.Collections;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS;
-import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ACCESS_CONTROL_HEADERS;
-import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ALLOW_ORIGIN_HEADER;
-
-/**
- * <p>
- * This filter makes sure we respond as quickly as possible to CORS pre-flight requests
- * which browsers transmit before the Hosted Vespa dashboard code is allowed to send a "real" request.
- * </p>
- * <p>
- * An "Access-Control-Max-Age" header is added so that the browser will cache the result of this pre-flight request,
- * further improving the responsiveness of the Hosted Vespa dashboard application.
- * </p>
- * <p>
- * Runs after all standard security request filters, but before BouncerFilter, as the browser does not send
- * credentials with pre-flight requests.
- * </p>
- *
- * @author andreer
- * @author gv
- */
-@After({"InputValidationFilter","RemoteIPFilter", "DoNotTrackRequestFilter", "CookieDataRequestFilter"})
-@Before({"BouncerFilter", "ControllerAuthorizationFilter"})
-@Provides("AccessControlRequestFilter")
-public class AccessControlRequestFilter implements SecurityRequestFilter {
- private final Set<String> allowedUrls;
-
- @Inject
- public AccessControlRequestFilter(HttpAccessControlConfig config) {
- allowedUrls = Collections.unmodifiableSet(config.allowedUrls().stream().collect(Collectors.toSet()));
- }
-
- @Override
- public void filter(DiscFilterRequest discFilterRequest, ResponseHandler responseHandler) {
- String origin = discFilterRequest.getHeader("Origin");
-
- if (!discFilterRequest.getMethod().equals(OPTIONS.name()))
- return;
-
- HttpResponse response = HttpResponse.newInstance(Response.Status.OK);
-
- if (allowedUrls.contains(origin))
- response.headers().add(ALLOW_ORIGIN_HEADER, origin);
-
- ACCESS_CONTROL_HEADERS.forEach(
- (name, value) -> response.headers().add(name, value));
-
- ContentChannel cc = responseHandler.handleResponse(response);
- cc.close(null);
- }
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java
deleted file mode 100644
index c2ad31cd925..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.restapi.filter;
-
-import com.yahoo.jdisc.AbstractResource;
-import com.yahoo.jdisc.http.filter.DiscFilterResponse;
-import com.yahoo.jdisc.http.filter.RequestView;
-import com.yahoo.jdisc.http.filter.SecurityResponseFilter;
-import com.yahoo.vespa.hosted.controller.restapi.filter.config.HttpAccessControlConfig;
-
-import java.util.List;
-import java.util.Optional;
-
-import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ACCESS_CONTROL_HEADERS;
-import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ALLOW_ORIGIN_HEADER;
-
-/**
- * @author gv
- * @author Tony Vaagenes
- */
-public class AccessControlResponseFilter extends AbstractResource implements SecurityResponseFilter {
-
- private final List<String> allowedUrls;
-
- public AccessControlResponseFilter(HttpAccessControlConfig config) {
- allowedUrls = config.allowedUrls();
- }
-
- @Override
- public void filter(DiscFilterResponse response, RequestView request) {
- Optional<String> requestOrigin = request.getFirstHeader("Origin");
-
- requestOrigin.ifPresent(
- origin -> allowedUrls.stream()
- .filter(allowedUrl -> matchesRequestOrigin(origin, allowedUrl))
- .findAny()
- .ifPresent(allowedOrigin -> setHeaderUnlessExists(response, ALLOW_ORIGIN_HEADER, allowedOrigin))
- );
- ACCESS_CONTROL_HEADERS.forEach((name, value) -> setHeaderUnlessExists(response, name, value));
- }
-
- private boolean matchesRequestOrigin(String requestOrigin, String allowedUrl) {
- return allowedUrl.equals("*") || requestOrigin.startsWith(allowedUrl);
- }
-
- /**
- * This is to avoid duplicating headers already set by the {@link AccessControlRequestFilter}.
- * Currently (March 2016), this filter is invoked for OPTIONS requests to jdisc request handlers,
- * even if the request filter has been invoked first. For jersey based APIs, this filter is NOT
- * invoked in these cases.
- */
- private void setHeaderUnlessExists(DiscFilterResponse response, String name, String value) {
- if (response.getHeader(name) == null)
- response.setHeader(name, value);
- }
-}