diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java index 582aa2c8aee..6597f10198d 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java @@ -89,7 +89,7 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase { if (permission == null) return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Forbidden")); var requestTokenHash = requestTokenHash(bearerToken); var clientIds = new TreeSet<String>(); - var permissions = new TreeSet<Permission>(); + var permissions = EnumSet.noneOf(Permission.class); var matchedTokens = new HashSet<TokenVersion>(); for (Client c : allowedClients) { if (!c.permissions().contains(permission)) continue; @@ -107,13 +107,11 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase { .formatted(matchedTokens.stream().map(TokenVersion::id).toList())); return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Forbidden")); } - var matchedToken = matchedTokens.stream().findAny().orElse(null); - if (matchedToken != null) { - addAccessLogEntry(req, "token.id", matchedToken.id()); - addAccessLogEntry(req, "token.hash", matchedToken.fingerprint().toDelimitedHexString()); - addAccessLogEntry(req, "token.exp", matchedToken.expiration().map(Instant::toString).orElse("<none>")); - } - ClientPrincipal.createForRequest(req, clientIds, permissions); + var matchedToken = matchedTokens.stream().findAny().get(); + addAccessLogEntry(req, "token.id", matchedToken.id()); + addAccessLogEntry(req, "token.hash", matchedToken.fingerprint().toDelimitedHexString()); + addAccessLogEntry(req, "token.exp", matchedToken.expiration().map(Instant::toString).orElse("<none>")); + ClientPrincipal.attachToRequest(req, clientIds, permissions); return Optional.empty(); } |