Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java')
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java14
1 files changed, 6 insertions, 8 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
index 582aa2c8aee..6597f10198d 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
@@ -89,7 +89,7 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase {
if (permission == null) return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Forbidden"));
var requestTokenHash = requestTokenHash(bearerToken);
var clientIds = new TreeSet<String>();
- var permissions = new TreeSet<Permission>();
+ var permissions = EnumSet.noneOf(Permission.class);
var matchedTokens = new HashSet<TokenVersion>();
for (Client c : allowedClients) {
if (!c.permissions().contains(permission)) continue;
@@ -107,13 +107,11 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase {
.formatted(matchedTokens.stream().map(TokenVersion::id).toList()));
return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Forbidden"));
}
- var matchedToken = matchedTokens.stream().findAny().orElse(null);
- if (matchedToken != null) {
- addAccessLogEntry(req, "token.id", matchedToken.id());
- addAccessLogEntry(req, "token.hash", matchedToken.fingerprint().toDelimitedHexString());
- addAccessLogEntry(req, "token.exp", matchedToken.expiration().map(Instant::toString).orElse("<none>"));
- }
- ClientPrincipal.createForRequest(req, clientIds, permissions);
+ var matchedToken = matchedTokens.stream().findAny().get();
+ addAccessLogEntry(req, "token.id", matchedToken.id());
+ addAccessLogEntry(req, "token.hash", matchedToken.fingerprint().toDelimitedHexString());
+ addAccessLogEntry(req, "token.exp", matchedToken.expiration().map(Instant::toString).orElse("<none>"));
+ ClientPrincipal.attachToRequest(req, clientIds, permissions);
return Optional.empty();
}
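Review bot: The new `matchedTokens.stream().findAny().get()` throws `NoSuchElementException` when `matchedTokens` is empty, and this change removes the null guard that used to tolerate that case. The method starts outside the hunk, so an earlier check may already return Forbidden when no token matched. If such a check exists, state the invariant explicitly with `.orElseThrow(() -> new IllegalStateException("no matched token"))` instead of a bare `get()`. If it does not, add `if (matchedTokens.isEmpty()) return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Forbidden"));` before this line, so that an unmatched bearer token is rejected with a 403 rather than failing as an unhandled exception inside the filter.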