diff options
Diffstat (limited to 'controller-server/src/main/java')
3 files changed, 0 insertions, 150 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java deleted file mode 100644 index 8a539720a21..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlHeaders.java +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.restapi.filter; - -import com.google.common.collect.ImmutableMap; - -import java.time.Duration; -import java.util.Map; - -/** - * @author gv - */ -public interface AccessControlHeaders { - - String CORS_PREFLIGHT_REQUEST_CACHE_TTL = Long.toString(Duration.ofDays(7).getSeconds()); - - String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin"; - - Map<String, String> ACCESS_CONTROL_HEADERS = ImmutableMap.of( - "Access-Control-Max-Age", CORS_PREFLIGHT_REQUEST_CACHE_TTL, - "Access-Control-Allow-Headers", "Origin,Content-Type,Accept,Yahoo-Principal-Auth", - "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST", - "Access-Control-Allow-Credentials", "true" - ); - -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java deleted file mode 100644 index 8df4124028e..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlRequestFilter.java +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.restapi.filter; - -import com.google.inject.Inject; -import com.yahoo.jdisc.Response; -import com.yahoo.jdisc.handler.ContentChannel; -import com.yahoo.jdisc.handler.ResponseHandler; -import com.yahoo.jdisc.http.HttpResponse; -import com.yahoo.jdisc.http.filter.DiscFilterRequest; -import com.yahoo.jdisc.http.filter.SecurityRequestFilter; -import com.yahoo.vespa.hosted.controller.restapi.filter.config.HttpAccessControlConfig; -import com.yahoo.yolean.chain.After; -import com.yahoo.yolean.chain.Before; -import com.yahoo.yolean.chain.Provides; - -import java.util.Collections; -import java.util.Set; -import java.util.stream.Collectors; - -import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; -import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ACCESS_CONTROL_HEADERS; -import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ALLOW_ORIGIN_HEADER; - -/** - * <p> - * This filter makes sure we respond as quickly as possible to CORS pre-flight requests - * which browsers transmit before the Hosted Vespa dashboard code is allowed to send a "real" request. - * </p> - * <p> - * An "Access-Control-Max-Age" header is added so that the browser will cache the result of this pre-flight request, - * further improving the responsiveness of the Hosted Vespa dashboard application. - * </p> - * <p> - * Runs after all standard security request filters, but before BouncerFilter, as the browser does not send - * credentials with pre-flight requests. - * </p> - * - * @author andreer - * @author gv - */ -@After({"InputValidationFilter","RemoteIPFilter", "DoNotTrackRequestFilter", "CookieDataRequestFilter"}) -@Before({"BouncerFilter", "ControllerAuthorizationFilter"}) -@Provides("AccessControlRequestFilter") -public class AccessControlRequestFilter implements SecurityRequestFilter { - private final Set<String> allowedUrls; - - @Inject - public AccessControlRequestFilter(HttpAccessControlConfig config) { - allowedUrls = Collections.unmodifiableSet(config.allowedUrls().stream().collect(Collectors.toSet())); - } - - @Override - public void filter(DiscFilterRequest discFilterRequest, ResponseHandler responseHandler) { - String origin = discFilterRequest.getHeader("Origin"); - - if (!discFilterRequest.getMethod().equals(OPTIONS.name())) - return; - - HttpResponse response = HttpResponse.newInstance(Response.Status.OK); - - if (allowedUrls.contains(origin)) - response.headers().add(ALLOW_ORIGIN_HEADER, origin); - - ACCESS_CONTROL_HEADERS.forEach( - (name, value) -> response.headers().add(name, value)); - - ContentChannel cc = responseHandler.handleResponse(response); - cc.close(null); - } -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java deleted file mode 100644 index c2ad31cd925..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AccessControlResponseFilter.java +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.restapi.filter; - -import com.yahoo.jdisc.AbstractResource; -import com.yahoo.jdisc.http.filter.DiscFilterResponse; -import com.yahoo.jdisc.http.filter.RequestView; -import com.yahoo.jdisc.http.filter.SecurityResponseFilter; -import com.yahoo.vespa.hosted.controller.restapi.filter.config.HttpAccessControlConfig; - -import java.util.List; -import java.util.Optional; - -import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ACCESS_CONTROL_HEADERS; -import static com.yahoo.vespa.hosted.controller.restapi.filter.AccessControlHeaders.ALLOW_ORIGIN_HEADER; - -/** - * @author gv - * @author Tony Vaagenes - */ -public class AccessControlResponseFilter extends AbstractResource implements SecurityResponseFilter { - - private final List<String> allowedUrls; - - public AccessControlResponseFilter(HttpAccessControlConfig config) { - allowedUrls = config.allowedUrls(); - } - - @Override - public void filter(DiscFilterResponse response, RequestView request) { - Optional<String> requestOrigin = request.getFirstHeader("Origin"); - - requestOrigin.ifPresent( - origin -> allowedUrls.stream() - .filter(allowedUrl -> matchesRequestOrigin(origin, allowedUrl)) - .findAny() - .ifPresent(allowedOrigin -> setHeaderUnlessExists(response, ALLOW_ORIGIN_HEADER, allowedOrigin)) - ); - ACCESS_CONTROL_HEADERS.forEach((name, value) -> setHeaderUnlessExists(response, name, value)); - } - - private boolean matchesRequestOrigin(String requestOrigin, String allowedUrl) { - return allowedUrl.equals("*") || requestOrigin.startsWith(allowedUrl); - } - - /** - * This is to avoid duplicating headers already set by the {@link AccessControlRequestFilter}. - * Currently (March 2016), this filter is invoked for OPTIONS requests to jdisc request handlers, - * even if the request filter has been invoked first. For jersey based APIs, this filter is NOT - * invoked in these cases. - */ - private void setHeaderUnlessExists(DiscFilterResponse response, String name, String value) { - if (response.getHeader(name) == null) - response.setHeader(name, value); - } -} |