Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Group fingerprints by token id | jonmv | 2023-09-28 | 1 | -1/+1 |
| | |||||
* | Use switch expressions | jonmv | 2023-09-28 | 1 | -0/+3 |
| | |||||
* | Address review | jonmv | 2023-09-28 | 1 | -0/+1 |
| | |||||
* | Set up token-tell-handler with data-plane token filter | jonmv | 2023-09-28 | 1 | -0/+52 |
| | |||||
* | Improve test | Morten Tokle | 2023-09-21 | 1 | -8/+21 |
| | |||||
* | Allow empty clients | Morten Tokle | 2023-09-21 | 1 | -0/+18 |
| | |||||
* | Misc improvements to `CloudDataPlaneFilter(Test)` | Bjørn Christian Seime | 2023-07-19 | 1 | -2/+1 |
| | |||||
* | Split token authz into dedicated filter `CloudTokenDataPlaneFilter` | Bjørn Christian Seime | 2023-07-19 | 2 | -163/+200 |
| | |||||
* | Add expiration concept to data plane tokens | Bjørn Christian Seime | 2023-07-12 | 1 | -5/+44 |
| | |||||
* | Simplify token API by using fixed context for fingerprints | Tor Brede Vekterli | 2023-06-15 | 1 | -2/+2 |
| | | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere. | ||||
* | Misc improvements | Bjørn Christian Seime | 2023-06-15 | 1 | -14/+3 |
| | | | | | | | Remove duplicate unit tests. Improve symbol names. Use `Map` to simplify code and reduce cost. Introduce constant for the number of bytes in token check hash. Improve code comments. | ||||
* | Support tokens in Cloud data plane filter | Bjørn Christian Seime | 2023-06-14 | 1 | -7/+136 |
| | |||||
* | Allow subdomains in CORS filters | Valerij Fredriksen | 2023-06-06 | 2 | -0/+46 |
| | |||||
* | Move config to configdefinitions | Morten Tokle | 2022-11-22 | 1 | -0/+1 |
| | |||||
* | Introduce Cloud data plane security filter | Bjørn Christian Seime | 2022-11-22 | 1 | -0/+150 |
| | |||||
* | Add test helper to construct filter request instance | Bjørn Christian Seime | 2022-11-16 | 7 | -60/+29 |
| | |||||
* | compare oranges with oranges | Andreas Eriksen | 2022-08-17 | 1 | -0/+8 |
| | |||||
* | Convert jdisc-security-filters to junit5 | Bjørn Christian Seime | 2022-07-27 | 8 | -57/+56 |
| | |||||
* | Move rule-based-filter config to configdefinitions module/bundle | gjoranv | 2022-07-27 | 1 | -2/+3 |
| | | | | | | | .. to remove import-package from config-model to jdisc-security-filters. - Keep the old config def for a while in case it's needed by hosted Vespa config models. | ||||
* | Simplify type definition for subject alternative names | Bjørn Christian Seime | 2022-07-20 | 1 | -2/+2 |
| | |||||
* | Avoid segment validation in rule based filter | jonmv | 2022-04-11 | 1 | -1/+1 |
| | |||||
* | GC deprecated junit assertThat. | Henning Baldersheim | 2021-12-21 | 3 | -29/+23 |
| | |||||
* | Make DiscFilterResponse concrete and remove package-private sub-class | Bjørn Christian Seime | 2021-12-03 | 1 | -24/+2 |
| | | | | | Make DiscFilterResponse opereate directly on a jdisc-core Response instance. Reduce use of jdisc-core types from its public API. | ||||
* | Reapply "Remove Servlet integration from container-core [run-systemtest]"" | Bjørn Christian Seime | 2021-12-03 | 1 | -2/+2 |
| | |||||
* | Revert "Remove Servlet integration from container-core [run-systemtest]" | Jon Marius Venstad | 2021-12-03 | 1 | -2/+2 |
| | |||||
* | Remove Servlet integration from container-core | Bjørn Christian Seime | 2021-12-02 | 1 | -2/+2 |
| | |||||
* | Update 2020 Oath copyrights. | gjoranv | 2021-10-27 | 1 | -1/+1 |
| | |||||
* | Update Verizon Media copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1 |
| | |||||
* | Update 2018 copyright notices. | gjoranv | 2021-10-07 | 5 | -5/+5 |
| | |||||
* | Update 2017 copyright notices. | gjoranv | 2021-10-07 | 1 | -1/+1 |
| | |||||
* | Add request and acl mapping values as metric dimensions | Morten Tokle | 2021-06-11 | 1 | -1/+3 |
| | |||||
* | Return request origin when wildcard is allowed | Valerij Fredriksen | 2021-05-11 | 1 | -1/+1 |
| | |||||
* | Remove corse filter base class that is no longer relevant | Bjørn Christian Seime | 2021-05-07 | 1 | -60/+0 |
| | |||||
* | Allow wildcard in allowedUrls for CorsPreflightRequestFilter | Valerij Fredriksen | 2021-05-06 | 1 | -1/+10 |
| | |||||
* | Test that access token is ignored when client has role certificate | Bjørn Christian Seime | 2021-03-02 | 1 | -0/+14 |
| | |||||
* | Test dryrun | Bjørn Christian Seime | 2021-02-23 | 1 | -0/+15 |
| | |||||
* | Add configurable response headers for blocked requests | Bjørn Christian Seime | 2021-02-23 | 1 | -1/+55 |
| | |||||
* | Add rule based request filter | Bjørn Christian Seime | 2021-02-17 | 1 | -0/+174 |
| | |||||
* | Athenz jdisc filter: support proxied access token from trusted peer | Bjørn Christian Seime | 2021-02-11 | 1 | -13/+93 |
| | |||||
* | Create default connector request chain | Morten Tokle | 2020-11-23 | 1 | -0/+66 |
| | |||||
* | Expose metrics from filter | Morten Tokle | 2020-03-19 | 1 | -1/+66 |
| | |||||
* | Merge pull request #12466 from vespa-engine/bjorncs/improve-error-message | Bjørn Christian Seime | 2020-03-10 | 1 | -0/+10 |
|\ | | | | | Improve error message on when all allowed credentials are missing | ||||
| * | Improve error message on when all allowed credentials are missing | Bjørn Christian Seime | 2020-03-05 | 1 | -0/+10 |
| | | |||||
* | | Add expiry time | Morten Tokle | 2020-03-06 | 1 | -1/+3 |
|/ | |||||
* | Rewrite AthenzAuthorizationFilter to accept access tokens | Bjørn Christian Seime | 2020-01-30 | 1 | -40/+145 |
| | | | | | | Change athenz-authorization-filter.def to have an enum set of enabled credentials. Delegate to ZPE to determine if a certificate is an Athenz role or identity certificate. Introduce various request attributes to propagate result from ZPE. | ||||
* | Add checkAccessAllowed method that consumes access token + certificate | Bjørn Christian Seime | 2020-01-24 | 1 | -0/+11 |
| | |||||
* | Return the matched role in checkAccessAllowed methods | Bjørn Christian Seime | 2020-01-24 | 1 | -5/+7 |
| | | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter. | ||||
* | Revert "Bjorncs/update zpe" | Harald Musum | 2020-01-24 | 1 | -7/+5 |
| | |||||
* | Return the matched role in checkAccessAllowed methods | Bjørn Christian Seime | 2020-01-24 | 1 | -5/+7 |
| | | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter. | ||||
* | Remove NToken support from AthenzPrincipalFilter | Bjørn Christian Seime | 2019-09-11 | 1 | -90/+9 |
| |