aboutsummaryrefslogtreecommitdiffstats
path: root/jdisc-security-filters
Commit message (Collapse)AuthorAgeFilesLines
* client to manage role memberships in rdsMorten Tokle2023-12-011-0/+13
|
* Add back methods accidentally removed.Henning Baldersheim2023-11-241-1/+4
|
* Move Jackson util from vespajlib to container-core.Henning Baldersheim2023-11-243-3/+3
|
* jackson 2.16 changes some of its default settings so we consolidate our use ↵Henning Baldersheim2023-11-233-12/+7
| | | | | | of the ObjectMapper. Unless special options are used, use a common instance, or create via factory metod.
* Update copyrightJon Bratseth2023-10-0947-55/+55
|
* Group fingerprints by token idjonmv2023-09-282-7/+27
|
* Use switch expressionsjonmv2023-09-282-0/+6
|
* Address reviewjonmv2023-09-282-1/+3
|
* Set up token-tell-handler with data-plane token filterjonmv2023-09-282-0/+83
|
* Improve testMorten Tokle2023-09-211-8/+21
|
* Allow empty clientsMorten Tokle2023-09-212-1/+18
|
* Use Guice 6.0Bjørn Christian Seime2023-09-041-0/+5
| | | | | | https://github.com/google/guice/wiki/Guice600 We cannot upgrade to 7.x as we export javax.inject from container. 6.x supports both the old javax.inject and the new jakarta.inject replacement.
* Misc improvements to `CloudDataPlaneFilter(Test)`Bjørn Christian Seime2023-07-194-14/+10
|
* Split token authz into dedicated filter `CloudTokenDataPlaneFilter`Bjørn Christian Seime2023-07-196-326/+466
|
* Don't ignore expired tokens while processing configBjørn Christian Seime2023-07-171-6/+1
|
* Add expiration concept to data plane tokensBjørn Christian Seime2023-07-123-14/+75
|
* Fail if PEM does not contain any certificate entriesBjørn Christian Seime2023-06-191-0/+2
|
* Split each certificate into separate config entriesBjørn Christian Seime2023-06-191-2/+2
|
* Simplify token API by using fixed context for fingerprintsTor Brede Vekterli2023-06-152-3/+3
| | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere.
* Misc improvementsBjørn Christian Seime2023-06-152-25/+21
| | | | | | | Remove duplicate unit tests. Improve symbol names. Use `Map` to simplify code and reduce cost. Introduce constant for the number of bytes in token check hash. Improve code comments.
* Improve validation of configBjørn Christian Seime2023-06-151-1/+13
| | | | Verify that at least one client definition requires certificate. Add note on legacy mode.
* Support tokens in Cloud data plane filterBjørn Christian Seime2023-06-142-23/+225
|
* Allow subdomains in CORS filtersValerij Fredriksen2023-06-065-21/+91
|
* Move metrics definitions to metrics:ai.vespa.metricsgjoranv2023-05-082-3/+3
|
* Use enums for remaining container metrics.yngveaasheim2023-03-151-2/+3
|
* Use ContainerMetrics enum more placesYngve Aasheim2023-01-201-2/+3
|
* Revert "Revert collect(Collectors.toList())"Henning Baldersheim2022-12-042-2/+2
|
* Revert collect(Collectors.toList())Henning Baldersheim2022-12-042-2/+2
|
* collect(Collectors.toList()) -> toList()Henning Baldersheim2022-12-022-2/+2
|
* Move config to configdefinitionsMorten Tokle2022-11-223-7/+2
|
* Introduce Cloud data plane security filterBjørn Christian Seime2022-11-224-0/+310
|
* Add test helper to construct filter request instanceBjørn Christian Seime2022-11-168-60/+39
|
* Cleanup RequestResourceMapper APIBjørn Christian Seime2022-11-152-9/+3
|
* remove obsolete codeMorten Tokle2022-11-112-25/+6
|
* Revert "remove obsolete code"Henning Baldersheim2022-11-102-6/+25
|
* remove obsolete codeMorten Tokle2022-11-102-25/+6
|
* Prevent browser API cachingMorten Tokle2022-10-252-2/+1
|
* Prevent browsers caching api responsesMorten Tokle2022-10-241-0/+1
|
* Allow 'Vespa-Csrf-Token' headerBjørn Christian Seime2022-09-261-1/+2
|
* Remove old config definition that has been replaced by ...gjoranv2022-08-311-20/+0
| | | | | jdisc.http.filter.security.rule.config.rule-based-filter.def in the 'configdefinitions' module.
* compare oranges with orangesAndreas Eriksen2022-08-172-1/+9
|
* Add Referrer-Policy headerMorten Tokle2022-08-011-0/+1
|
* Convert jdisc-security-filters to junit5Bjørn Christian Seime2022-07-279-73/+62
|
* Move rule-based-filter config to configdefinitions module/bundlegjoranv2022-07-275-11/+13
| | | | | | | .. to remove import-package from config-model to jdisc-security-filters. - Keep the old config def for a while in case it's needed by hosted Vespa config models.
* Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-201-2/+2
|
* Add x-frame-optionsMorten Tokle2022-06-281-0/+1
|
* Fix javadocValerij Fredriksen2022-06-271-2/+2
|
* Create CSP response filterValerij Fredriksen2022-06-272-0/+37
|
* Remove unnecessary deps to security-utils, now included in container-devgjoranv2022-06-161-6/+0
|
* Set project version to 8-SNAPSHOTgjoranv2022-06-081-2/+2
|