aboutsummaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters/src
Commit message (Collapse)AuthorAgeFilesLines
* Update copyrightJon Bratseth2023-10-0944-52/+52
|
* Group fingerprints by token idjonmv2023-09-282-7/+27
|
* Use switch expressionsjonmv2023-09-282-0/+6
|
* Address reviewjonmv2023-09-282-1/+3
|
* Set up token-tell-handler with data-plane token filterjonmv2023-09-282-0/+83
|
* Improve testMorten Tokle2023-09-211-8/+21
|
* Allow empty clientsMorten Tokle2023-09-212-1/+18
|
* Misc improvements to `CloudDataPlaneFilter(Test)`Bjørn Christian Seime2023-07-194-14/+10
|
* Split token authz into dedicated filter `CloudTokenDataPlaneFilter`Bjørn Christian Seime2023-07-196-326/+466
|
* Don't ignore expired tokens while processing configBjørn Christian Seime2023-07-171-6/+1
|
* Add expiration concept to data plane tokensBjørn Christian Seime2023-07-122-14/+69
|
* Fail if PEM does not contain any certificate entriesBjørn Christian Seime2023-06-191-0/+2
|
* Split each certificate into separate config entriesBjørn Christian Seime2023-06-191-2/+2
|
* Simplify token API by using fixed context for fingerprintsTor Brede Vekterli2023-06-152-3/+3
| | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere.
* Misc improvementsBjørn Christian Seime2023-06-152-25/+21
| | | | | | | Remove duplicate unit tests. Improve symbol names. Use `Map` to simplify code and reduce cost. Introduce constant for the number of bytes in token check hash. Improve code comments.
* Improve validation of configBjørn Christian Seime2023-06-151-1/+13
| | | | Verify that at least one client definition requires certificate. Add note on legacy mode.
* Support tokens in Cloud data plane filterBjørn Christian Seime2023-06-142-23/+225
|
* Allow subdomains in CORS filtersValerij Fredriksen2023-06-065-21/+91
|
* Move metrics definitions to metrics:ai.vespa.metricsgjoranv2023-05-082-3/+3
|
* Use enums for remaining container metrics.yngveaasheim2023-03-151-2/+3
|
* Use ContainerMetrics enum more placesYngve Aasheim2023-01-201-2/+3
|
* Revert "Revert collect(Collectors.toList())"Henning Baldersheim2022-12-042-2/+2
|
* Revert collect(Collectors.toList())Henning Baldersheim2022-12-042-2/+2
|
* collect(Collectors.toList()) -> toList()Henning Baldersheim2022-12-022-2/+2
|
* Move config to configdefinitionsMorten Tokle2022-11-223-7/+2
|
* Introduce Cloud data plane security filterBjørn Christian Seime2022-11-224-0/+310
|
* Add test helper to construct filter request instanceBjørn Christian Seime2022-11-167-60/+29
|
* Cleanup RequestResourceMapper APIBjørn Christian Seime2022-11-152-9/+3
|
* remove obsolete codeMorten Tokle2022-11-112-25/+6
|
* Revert "remove obsolete code"Henning Baldersheim2022-11-102-6/+25
|
* remove obsolete codeMorten Tokle2022-11-102-25/+6
|
* Prevent browser API cachingMorten Tokle2022-10-252-2/+1
|
* Prevent browsers caching api responsesMorten Tokle2022-10-241-0/+1
|
* Allow 'Vespa-Csrf-Token' headerBjørn Christian Seime2022-09-261-1/+2
|
* Remove old config definition that has been replaced by ...gjoranv2022-08-311-20/+0
| | | | | jdisc.http.filter.security.rule.config.rule-based-filter.def in the 'configdefinitions' module.
* compare oranges with orangesAndreas Eriksen2022-08-172-1/+9
|
* Add Referrer-Policy headerMorten Tokle2022-08-011-0/+1
|
* Convert jdisc-security-filters to junit5Bjørn Christian Seime2022-07-278-57/+56
|
* Move rule-based-filter config to configdefinitions module/bundlegjoranv2022-07-274-11/+7
| | | | | | | .. to remove import-package from config-model to jdisc-security-filters. - Keep the old config def for a while in case it's needed by hosted Vespa config models.
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-201-2/+2
|
* Add x-frame-optionsMorten Tokle2022-06-281-0/+1
|
* Fix javadocValerij Fredriksen2022-06-271-2/+2
|
* Create CSP response filterValerij Fredriksen2022-06-272-0/+37
|
* Use '@Inject' from 'annotations' in multiple bundlesBjørn Christian Seime2022-05-066-6/+6
|
* Move User from controller-api to jdisc-security-filtersBjørn Christian Seime2022-04-272-0/+103
|
* Add comment about why there is no path segment validation in rule filterjonmv2022-04-111-0/+2
|
* Only create Path if there are any patterns to match againstjonmv2022-04-111-2/+1
|
* Avoid segment validation in rule based filterjonmv2022-04-112-2/+2
|
* GC deprecated junit assertThat.Henning Baldersheim2021-12-213-29/+23
|
* Make DiscFilterResponse concrete and remove package-private sub-classBjørn Christian Seime2021-12-031-24/+2
| | | | | Make DiscFilterResponse opereate directly on a jdisc-core Response instance. Reduce use of jdisc-core types from its public API.