diff options
Diffstat (limited to 'jdisc-security-filters')
-rw-r--r-- | jdisc-security-filters/CMakeLists.txt | 2 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java (renamed from jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsLogic.java) | 2 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilter.java (renamed from jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilter.java) | 11 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBase.java (renamed from jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBase.java) | 10 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java (renamed from jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java) | 12 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/package-info.java (renamed from jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/package-info.java) | 2 | ||||
-rw-r--r-- | jdisc-security-filters/src/main/resources/configdefinitions/cors-filter.def (renamed from jdisc-security-filters/src/main/resources/configdefinitions/cors-security-filter.def) | 2 | ||||
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java (renamed from jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilterTest.java) | 14 | ||||
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBaseTest.java (renamed from jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBaseTest.java) | 14 | ||||
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilterTest.java (renamed from jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilterTest.java) | 14 |
10 files changed, 40 insertions, 43 deletions
diff --git a/jdisc-security-filters/CMakeLists.txt b/jdisc-security-filters/CMakeLists.txt index b20883d3154..1c6e067f974 100644 --- a/jdisc-security-filters/CMakeLists.txt +++ b/jdisc-security-filters/CMakeLists.txt @@ -2,4 +2,4 @@ install_fat_java_artifact(jdisc-security-filters) install_java_artifact_dependencies(jdisc-security-filters) -install_config_definition(src/main/resources/configdefinitions/cors-security-filter.def) +install_config_definition(src/main/resources/configdefinitions/cors-filter.def) diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java index 3f1aeff9e95..54f1ee3042f 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsLogic.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.google.common.collect.ImmutableMap; import com.yahoo.jdisc.HeaderFields; diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilter.java index d162fff53b1..6e14cbe8ac2 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilter.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.google.inject.Inject; import com.yahoo.jdisc.Response; @@ -14,7 +14,6 @@ import java.util.HashSet; import java.util.Set; import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsPreflightResponseHeaders; /** * <p> @@ -34,12 +33,12 @@ import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsPreflightRes * @author gv * @author bjorncs */ -@Provides("CorsPreflightSecurityRequestFilter") -public class CorsPreflightSecurityRequestFilter implements SecurityRequestFilter { +@Provides("CorsPreflightRequestFilter") +public class CorsPreflightRequestFilter implements SecurityRequestFilter { private final Set<String> allowedUrls; @Inject - public CorsPreflightSecurityRequestFilter(CorsSecurityFilterConfig config) { + public CorsPreflightRequestFilter(CorsFilterConfig config) { this.allowedUrls = new HashSet<>(config.allowedUrls()); } @@ -52,7 +51,7 @@ public class CorsPreflightSecurityRequestFilter implements SecurityRequestFilter HttpResponse response = HttpResponse.newInstance(Response.Status.OK); - createCorsPreflightResponseHeaders(origin, allowedUrls) + CorsLogic.createCorsPreflightResponseHeaders(origin, allowedUrls) .forEach(response.headers()::put); ContentChannel cc = responseHandler.handleResponse(response); diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBase.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBase.java index fd64aa37875..7bdbd7eddf4 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBase.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBase.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -15,7 +15,7 @@ import java.util.HashSet; import java.util.Optional; import java.util.Set; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsResponseHeaders; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.createCorsResponseHeaders; /** * Security request filters should extend this base class to ensure that CORS header are included in the response of a rejected request. @@ -23,17 +23,17 @@ import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsResponseHead * * @author bjorncs */ -public abstract class CorsSecurityRequestFilterBase implements SecurityRequestFilter { +public abstract class CorsRequestFilterBase implements SecurityRequestFilter { private static final ObjectMapper mapper = new ObjectMapper(); private final Set<String> allowedUrls; - protected CorsSecurityRequestFilterBase(CorsSecurityFilterConfig config) { + protected CorsRequestFilterBase(CorsFilterConfig config) { this(new HashSet<>(config.allowedUrls())); } - protected CorsSecurityRequestFilterBase(Set<String> allowedUrls) { + protected CorsRequestFilterBase(Set<String> allowedUrls) { this.allowedUrls = allowedUrls; } diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java index bf288661bc4..d0b9e4ce7c9 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilter.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.google.inject.Inject; import com.yahoo.jdisc.AbstractResource; @@ -11,27 +11,25 @@ import com.yahoo.yolean.chain.Provides; import java.util.HashSet; import java.util.Set; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.createCorsResponseHeaders; - /** * @author gv * @author Tony Vaagenes * @author bjorncs */ -@Provides("CorsSecurityResponseFilter") -public class CorsSecurityResponseFilter extends AbstractResource implements SecurityResponseFilter { +@Provides("CorsResponseFilter") +public class CorsResponseFilter extends AbstractResource implements SecurityResponseFilter { private final Set<String> allowedUrls; @Inject - public CorsSecurityResponseFilter(CorsSecurityFilterConfig config) { + public CorsResponseFilter(CorsFilterConfig config) { this.allowedUrls = new HashSet<>(config.allowedUrls()); } @Override public void filter(DiscFilterResponse response, RequestView request) { - createCorsResponseHeaders(request.getFirstHeader("Origin").orElse(null), allowedUrls) + CorsLogic.createCorsResponseHeaders(request.getFirstHeader("Origin").orElse(null), allowedUrls) .forEach(response::setHeader); } diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/package-info.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/package-info.java index 6357acc4e99..cada3d3fcd8 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filters/cors/package-info.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/package-info.java @@ -3,6 +3,6 @@ * @author bjorncs */ @ExportPackage -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file diff --git a/jdisc-security-filters/src/main/resources/configdefinitions/cors-security-filter.def b/jdisc-security-filters/src/main/resources/configdefinitions/cors-filter.def index 71d4b998b99..a5c69b2db62 100644 --- a/jdisc-security-filters/src/main/resources/configdefinitions/cors-security-filter.def +++ b/jdisc-security-filters/src/main/resources/configdefinitions/cors-filter.def @@ -1,4 +1,4 @@ # Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -namespace=jdisc.http.filters.cors +namespace=jdisc.http.filter.security.cors allowedUrls[] string diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java index cb934c32bee..2486bc444c8 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsPreflightSecurityRequestFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.yahoo.jdisc.HeaderFields; import com.yahoo.jdisc.Response; @@ -7,14 +7,14 @@ import com.yahoo.jdisc.handler.ContentChannel; import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; -import com.yahoo.jdisc.http.filters.cors.CorsSecurityFilterConfig.Builder; +import com.yahoo.jdisc.http.filter.security.cors.CorsFilterConfig.Builder; import org.junit.Test; import java.util.Arrays; import static com.yahoo.jdisc.http.HttpRequest.Method.OPTIONS; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.ACCESS_CONTROL_HEADERS; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.ALLOW_ORIGIN_HEADER; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ACCESS_CONTROL_HEADERS; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER; import static org.junit.Assert.*; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -24,7 +24,7 @@ import static org.mockito.Mockito.when; * @author gjoranv * @author bjorncs */ -public class CorsPreflightSecurityRequestFilterTest { +public class CorsPreflightRequestFilterTest { @Test public void any_options_request_yields_access_control_headers_in_response() { @@ -59,10 +59,10 @@ public class CorsPreflightSecurityRequestFilterTest { return request; } - private static CorsPreflightSecurityRequestFilter newRequestFilter(String... allowedOriginUrls) { + private static CorsPreflightRequestFilter newRequestFilter(String... allowedOriginUrls) { Builder builder = new Builder(); Arrays.asList(allowedOriginUrls).forEach(builder::allowedUrls); - return new CorsPreflightSecurityRequestFilter(new CorsSecurityFilterConfig(builder)); + return new CorsPreflightRequestFilter(new CorsFilterConfig(builder)); } private static class AccessControlResponseHandler implements ResponseHandler { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBaseTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBaseTest.java index 65fb78cdbd6..29d28499a28 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityRequestFilterBaseTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsRequestFilterBaseTest.java @@ -1,5 +1,5 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.yahoo.container.jdisc.RequestHandlerTestDriver.MockResponseHandler; import com.yahoo.jdisc.Response; @@ -11,7 +11,7 @@ import java.util.List; import java.util.Optional; import java.util.Set; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.ALLOW_ORIGIN_HEADER; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertThat; @@ -21,15 +21,15 @@ import static org.mockito.Mockito.when; /** * @author bjorncs */ -public class CorsSecurityRequestFilterBaseTest { +public class CorsRequestFilterBaseTest { @Test public void adds_cors_headers_when_filter_reject_request() { String origin = "http://allowed.origin"; Set<String> allowedOrigins = Collections.singleton(origin); int statusCode = 403; - SimpleCorsSecurityRequestFilter filter = - new SimpleCorsSecurityRequestFilter(allowedOrigins, statusCode, "Forbidden"); + SimpleCorsRequestFilter filter = + new SimpleCorsRequestFilter(allowedOrigins, statusCode, "Forbidden"); DiscFilterRequest request = mock(DiscFilterRequest.class); when(request.getHeader("Origin")).thenReturn(origin); MockResponseHandler responseHandler = new MockResponseHandler(); @@ -43,10 +43,10 @@ public class CorsSecurityRequestFilterBaseTest { assertThat(allowOriginHeader.get(0), equalTo(origin)); } - private static class SimpleCorsSecurityRequestFilter extends CorsSecurityRequestFilterBase { + private static class SimpleCorsRequestFilter extends CorsRequestFilterBase { private final ErrorResponse errorResponse; - SimpleCorsSecurityRequestFilter(Set<String> allowedUrls, int statusCode, String message) { + SimpleCorsRequestFilter(Set<String> allowedUrls, int statusCode, String message) { super(allowedUrls); this.errorResponse = new ErrorResponse(statusCode, message); } diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilterTest.java index cadc4b217b3..2967a7659f5 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filters/cors/CorsSecurityResponseFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsResponseFilterTest.java @@ -1,11 +1,11 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.jdisc.http.filters.cors; +package com.yahoo.jdisc.http.filter.security.cors; import com.yahoo.jdisc.http.Cookie; import com.yahoo.jdisc.http.filter.DiscFilterResponse; import com.yahoo.jdisc.http.filter.RequestView; import com.yahoo.jdisc.http.filter.SecurityResponseFilter; -import com.yahoo.jdisc.http.filters.cors.CorsSecurityFilterConfig.Builder; +import com.yahoo.jdisc.http.filter.security.cors.CorsFilterConfig.Builder; import com.yahoo.jdisc.http.servlet.ServletOrJdiscHttpResponse; import org.junit.Test; @@ -16,8 +16,8 @@ import java.util.List; import java.util.Map; import java.util.Optional; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.ACCESS_CONTROL_HEADERS; -import static com.yahoo.jdisc.http.filters.cors.CorsLogic.ALLOW_ORIGIN_HEADER; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ACCESS_CONTROL_HEADERS; +import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; @@ -28,7 +28,7 @@ import static org.mockito.Mockito.when; * @author gjoranv * @author bjorncs */ -public class CorsSecurityResponseFilterTest { +public class CorsResponseFilterTest { @Test public void any_request_yields_access_control_headers_in_response() { @@ -62,10 +62,10 @@ public class CorsSecurityResponseFilterTest { return Collections.unmodifiableMap(response.headers); } - private static CorsSecurityResponseFilter newResponseFilter(String... allowedOriginUrls) { + private static CorsResponseFilter newResponseFilter(String... allowedOriginUrls) { Builder builder = new Builder(); Arrays.asList(allowedOriginUrls).forEach(builder::allowedUrls); - return new CorsSecurityResponseFilter(new CorsSecurityFilterConfig(builder)); + return new CorsResponseFilter(new CorsFilterConfig(builder)); } private static RequestView newRequestView(String originUrl) { |