aboutsummaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter
Commit message (Collapse)AuthorAgeFilesLines
* Add expiration concept to data plane tokensBjørn Christian Seime2023-07-121-5/+44
|
* Simplify token API by using fixed context for fingerprintsTor Brede Vekterli2023-06-151-2/+2
| | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere.
* Misc improvementsBjørn Christian Seime2023-06-151-14/+3
| | | | | | | Remove duplicate unit tests. Improve symbol names. Use `Map` to simplify code and reduce cost. Introduce constant for the number of bytes in token check hash. Improve code comments.
* Support tokens in Cloud data plane filterBjørn Christian Seime2023-06-141-7/+136
|
* Allow subdomains in CORS filtersValerij Fredriksen2023-06-062-0/+46
|
* Move config to configdefinitionsMorten Tokle2022-11-221-0/+1
|
* Introduce Cloud data plane security filterBjørn Christian Seime2022-11-221-0/+150
|
* Add test helper to construct filter request instanceBjørn Christian Seime2022-11-167-60/+29
|
* compare oranges with orangesAndreas Eriksen2022-08-171-0/+8
|
* Convert jdisc-security-filters to junit5Bjørn Christian Seime2022-07-278-57/+56
|
* Move rule-based-filter config to configdefinitions module/bundlegjoranv2022-07-271-2/+3
| | | | | | | .. to remove import-package from config-model to jdisc-security-filters. - Keep the old config def for a while in case it's needed by hosted Vespa config models.
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-201-2/+2
|
* Avoid segment validation in rule based filterjonmv2022-04-111-1/+1
|
* GC deprecated junit assertThat.Henning Baldersheim2021-12-213-29/+23
|
* Make DiscFilterResponse concrete and remove package-private sub-classBjørn Christian Seime2021-12-031-24/+2
| | | | | Make DiscFilterResponse opereate directly on a jdisc-core Response instance. Reduce use of jdisc-core types from its public API.
* Reapply "Remove Servlet integration from container-core [run-systemtest]""Bjørn Christian Seime2021-12-031-2/+2
|
* Revert "Remove Servlet integration from container-core [run-systemtest]"Jon Marius Venstad2021-12-031-2/+2
|
* Remove Servlet integration from container-coreBjørn Christian Seime2021-12-021-2/+2
|
* Update 2020 Oath copyrights.gjoranv2021-10-271-1/+1
|
* Update Verizon Media copyright notices.gjoranv2021-10-071-1/+1
|
* Update 2018 copyright notices.gjoranv2021-10-075-5/+5
|
* Update 2017 copyright notices.gjoranv2021-10-071-1/+1
|
* Add request and acl mapping values as metric dimensionsMorten Tokle2021-06-111-1/+3
|
* Return request origin when wildcard is allowedValerij Fredriksen2021-05-111-1/+1
|
* Remove corse filter base class that is no longer relevantBjørn Christian Seime2021-05-071-60/+0
|
* Allow wildcard in allowedUrls for CorsPreflightRequestFilterValerij Fredriksen2021-05-061-1/+10
|
* Test that access token is ignored when client has role certificateBjørn Christian Seime2021-03-021-0/+14
|
* Test dryrunBjørn Christian Seime2021-02-231-0/+15
|
* Add configurable response headers for blocked requestsBjørn Christian Seime2021-02-231-1/+55
|
* Add rule based request filterBjørn Christian Seime2021-02-171-0/+174
|
* Athenz jdisc filter: support proxied access token from trusted peerBjørn Christian Seime2021-02-111-13/+93
|
* Create default connector request chainMorten Tokle2020-11-231-0/+66
|
* Expose metrics from filterMorten Tokle2020-03-191-1/+66
|
* Merge pull request #12466 from vespa-engine/bjorncs/improve-error-messageBjørn Christian Seime2020-03-101-0/+10
|\ | | | | Improve error message on when all allowed credentials are missing
| * Improve error message on when all allowed credentials are missingBjørn Christian Seime2020-03-051-0/+10
| |
* | Add expiry timeMorten Tokle2020-03-061-1/+3
|/
* Rewrite AthenzAuthorizationFilter to accept access tokensBjørn Christian Seime2020-01-301-40/+145
| | | | | | Change athenz-authorization-filter.def to have an enum set of enabled credentials. Delegate to ZPE to determine if a certificate is an Athenz role or identity certificate. Introduce various request attributes to propagate result from ZPE.
* Add checkAccessAllowed method that consumes access token + certificateBjørn Christian Seime2020-01-241-0/+11
|
* Return the matched role in checkAccessAllowed methodsBjørn Christian Seime2020-01-241-5/+7
| | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter.
* Revert "Bjorncs/update zpe"Harald Musum2020-01-241-7/+5
|
* Return the matched role in checkAccessAllowed methodsBjørn Christian Seime2020-01-241-5/+7
| | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter.
* Remove NToken support from AthenzPrincipalFilterBjørn Christian Seime2019-09-111-90/+9
|
* Move LocalhostFilter and NoopFilter to jdisc-security-filtersBjørn Christian Seime2019-05-091-0/+60
|
* Let AthenzPrincipalFilter inherit JSRFB directlyJon Marius Venstad2019-05-021-6/+2
|
* Add passthrough mode to AthenzPrincipalFilterBjørn Christian Seime2018-10-041-12/+38
| | | | | | - No http response when passthrough mode is enable - Introduce attributes for error code and message - Introduce attribute for AthenzPrincipal instance
* Add copyright headerJon Bratseth2018-10-012-2/+4
|
* Replace use of com.yahoo.vespa.athenz.tls with com.yahoo.securityBjørn Christian Seime2018-09-051-6/+8
| | | | - Use replace RSA with EC in unit tests where possible
* Move AthenzPrincipalFilter to jdisc-security-filtersBjørn Christian Seime2018-07-261-0/+200
|
* Fix typoBjørn Christian Seime2018-06-211-1/+1
|
* Rename 'AccessCheckResult' -> 'AuthorizationResult'Bjørn Christian Seime2018-06-211-10/+10
|