summaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters
Commit message (Collapse)AuthorAgeFilesLines
* Create default connector request chainMorten Tokle2020-11-232-0/+87
|
* Allow no argument to install_config_definitionsHarald Musum2020-09-121-1/+1
| | | | | Use src/main/resources/configdefinitions as default when no argument is given
* Use full name in config definition file namesHarald Musum2020-09-105-1/+1
|
* LogLevel.DEBUG -> Level.FINEgjoranv2020-04-252-5/+5
|
* Import java.util.logging.Level instead of com.yahoo.log.LogLevelgjoranv2020-04-252-2/+2
|
* Expose metrics from filterMorten Tokle2020-03-192-4/+97
|
* Merge pull request #12466 from vespa-engine/bjorncs/improve-error-messageBjørn Christian Seime2020-03-102-1/+31
|\ | | | | Improve error message on when all allowed credentials are missing
| * Improve error message on when all allowed credentials are missingBjørn Christian Seime2020-03-052-1/+31
| |
* | Add expiry timeMorten Tokle2020-03-061-1/+3
|/
* Close executor on deconstructionJon Marius Venstad2020-02-271-1/+2
|
* Add public modifier to constructor and filter()Bjørn Christian Seime2020-01-311-4/+4
|
* Rewrite AthenzAuthorizationFilter to accept access tokensBjørn Christian Seime2020-01-303-124/+266
| | | | | | Change athenz-authorization-filter.def to have an enum set of enabled credentials. Delegate to ZPE to determine if a certificate is an Athenz role or identity certificate. Introduce various request attributes to propagate result from ZPE.
* Add debug logging of error responsesBjørn Christian Seime2020-01-291-2/+7
|
* Add toString() to ResourceNameAndActionBjørn Christian Seime2020-01-291-0/+8
|
* Add checkAccessAllowed method that consumes access token + certificateBjørn Christian Seime2020-01-241-0/+11
|
* Return the matched role in checkAccessAllowed methodsBjørn Christian Seime2020-01-242-7/+10
| | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter.
* Revert "Bjorncs/update zpe"Harald Musum2020-01-242-10/+7
|
* Return the matched role in checkAccessAllowed methodsBjørn Christian Seime2020-01-242-7/+10
| | | | | | Rewrite AuthorizationResult to specify result type as a inner Type enum. Add matched role to AuthorizationResult. Propagate matched role to request object in AthenzAuthorizationFilter.
* Install more config definition files.Tor Egge2019-11-291-1/+1
|
* Remove unneeded install of java artifact dependencies.Tor Egge2019-11-181-1/+0
|
* Remove NToken support from AthenzPrincipalFilterBjørn Christian Seime2019-09-113-131/+14
|
* Move BlockingRequestFilter to jdisc-security-filtersBjørn Christian Seime2019-05-091-0/+18
|
* Move LocalhostFilter and NoopFilter to jdisc-security-filtersBjørn Christian Seime2019-05-093-0/+113
|
* Add test for SignatureFilterJon Marius Venstad2019-05-021-1/+1
|
* Let AthenzPrincipalFilter inherit JSRFB directlyJon Marius Venstad2019-05-022-16/+6
|
* Use roles for authorizationMartin Polden2019-03-221-5/+0
|
* Revert "Merge pull request #8370 from ↵Jon Bratseth2019-02-041-1/+1
| | | | | | | vespa-engine/revert-8308-bratseth/disallow-dash-rebased" This reverts commit 43cf4fd1ec196cb0543af73db8e3bd1f6774f0a8, reversing changes made to 14172aa5cd890445980202909d1277429e4c5a3a.
* Revert "Bratseth/disallow dash rebased"Jon Bratseth2019-02-041-1/+1
|
* Nonfunctional changes onlyJon Bratseth2019-01-311-1/+1
|
* 6-SNAPSHOT -> 7-SNAPSHOTArnstein Ressem2019-01-211-2/+2
|
* Revert "Bratseth/disallow dash "Jon Bratseth2019-01-161-1/+1
|
* Nonfunctional changes onlyJon Bratseth2019-01-101-1/+1
|
* Allow okta headersMorten Tokle2018-10-221-4/+1
|
* Add passthrough mode to AthenzPrincipalFilterBjørn Christian Seime2018-10-043-17/+66
| | | | | | - No http response when passthrough mode is enable - Introduce attributes for error code and message - Introduce attribute for AthenzPrincipal instance
* Add copyright headerJon Bratseth2018-10-012-2/+4
|
* Replace use of com.yahoo.vespa.athenz.tls with com.yahoo.securityBjørn Christian Seime2018-09-051-6/+8
| | | | - Use replace RSA with EC in unit tests where possible
* Move AthenzPrincipalFilter to jdisc-security-filtersBjørn Christian Seime2018-07-263-0/+303
|
* Fix typoBjørn Christian Seime2018-06-211-1/+1
|
* Rename 'AccessCheckResult' -> 'AuthorizationResult'Bjørn Christian Seime2018-06-212-15/+15
|
* Disable client caching of error responsesBjørn Christian Seime2018-06-201-0/+1
|
* Correct unintentional method nameBjørn Christian Seime2018-06-203-3/+3
|
* Add new Athenz security filter based on ZPEBjørn Christian Seime2018-06-208-0/+349
| | | | | - Allow flexible configuration of filter using a resource mapper - Add helper class to extract role and identity from role certificates
* Add X-Content-Type-Options headerMorten Tokle2018-06-131-0/+1
|
* Add jdisc filter that adds recommened security-related response headersBjørn Christian Seime2018-06-052-0/+29
|
* Make CorsRequestFilterBase extend JsonSecurityRequestFilterBaseBjørn Christian Seime2018-04-242-44/+9
|
* Add base class for security filters rendering errors as jsonBjørn Christian Seime2018-04-243-0/+151
|
* Change package name and class name of Cors filtersBjørn Christian Seime2018-04-0910-43/+40
| | | | | * Change package name to 'com.yahoo.jdisc.filter.security.cors' * Remove 'Security' from names of Cors class names
* Make jdisc-security-filters a pre-install requirement of jdiscBjørn Christian Seime2018-04-091-0/+5
|
* Add readme to jdisc-security-filtersBjørn Christian Seime2018-04-091-0/+4
|
* Add new module jdisc-security-filtersBjørn Christian Seime2018-04-0911-0/+559
* Add new base class for security filters supporting CORS headers * Add CORS response filter and preflight request filter