Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Allow empty clients | Morten Tokle | 2023-09-21 | 2 | -1/+18 |
| | |||||
* | Use Guice 6.0 | Bjørn Christian Seime | 2023-09-04 | 1 | -0/+5 |
| | | | | | | https://github.com/google/guice/wiki/Guice600 We cannot upgrade to 7.x as we export javax.inject from container. 6.x supports both the old javax.inject and the new jakarta.inject replacement. | ||||
* | Misc improvements to `CloudDataPlaneFilter(Test)` | Bjørn Christian Seime | 2023-07-19 | 4 | -14/+10 |
| | |||||
* | Split token authz into dedicated filter `CloudTokenDataPlaneFilter` | Bjørn Christian Seime | 2023-07-19 | 6 | -326/+466 |
| | |||||
* | Don't ignore expired tokens while processing config | Bjørn Christian Seime | 2023-07-17 | 1 | -6/+1 |
| | |||||
* | Add expiration concept to data plane tokens | Bjørn Christian Seime | 2023-07-12 | 3 | -14/+75 |
| | |||||
* | Fail if PEM does not contain any certificate entries | Bjørn Christian Seime | 2023-06-19 | 1 | -0/+2 |
| | |||||
* | Split each certificate into separate config entries | Bjørn Christian Seime | 2023-06-19 | 1 | -2/+2 |
| | |||||
* | Simplify token API by using fixed context for fingerprints | Tor Brede Vekterli | 2023-06-15 | 2 | -3/+3 |
| | | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere. | ||||
* | Misc improvements | Bjørn Christian Seime | 2023-06-15 | 2 | -25/+21 |
| | | | | | | | Remove duplicate unit tests. Improve symbol names. Use `Map` to simplify code and reduce cost. Introduce constant for the number of bytes in token check hash. Improve code comments. | ||||
* | Improve validation of config | Bjørn Christian Seime | 2023-06-15 | 1 | -1/+13 |
| | | | | Verify that at least one client definition requires certificate. Add note on legacy mode. | ||||
* | Support tokens in Cloud data plane filter | Bjørn Christian Seime | 2023-06-14 | 2 | -23/+225 |
| | |||||
* | Allow subdomains in CORS filters | Valerij Fredriksen | 2023-06-06 | 5 | -21/+91 |
| | |||||
* | Move metrics definitions to metrics:ai.vespa.metrics | gjoranv | 2023-05-08 | 2 | -3/+3 |
| | |||||
* | Use enums for remaining container metrics. | yngveaasheim | 2023-03-15 | 1 | -2/+3 |
| | |||||
* | Use ContainerMetrics enum more places | Yngve Aasheim | 2023-01-20 | 1 | -2/+3 |
| | |||||
* | Revert "Revert collect(Collectors.toList())" | Henning Baldersheim | 2022-12-04 | 2 | -2/+2 |
| | |||||
* | Revert collect(Collectors.toList()) | Henning Baldersheim | 2022-12-04 | 2 | -2/+2 |
| | |||||
* | collect(Collectors.toList()) -> toList() | Henning Baldersheim | 2022-12-02 | 2 | -2/+2 |
| | |||||
* | Move config to configdefinitions | Morten Tokle | 2022-11-22 | 3 | -7/+2 |
| | |||||
* | Introduce Cloud data plane security filter | Bjørn Christian Seime | 2022-11-22 | 4 | -0/+310 |
| | |||||
* | Add test helper to construct filter request instance | Bjørn Christian Seime | 2022-11-16 | 8 | -60/+39 |
| | |||||
* | Cleanup RequestResourceMapper API | Bjørn Christian Seime | 2022-11-15 | 2 | -9/+3 |
| | |||||
* | remove obsolete code | Morten Tokle | 2022-11-11 | 2 | -25/+6 |
| | |||||
* | Revert "remove obsolete code" | Henning Baldersheim | 2022-11-10 | 2 | -6/+25 |
| | |||||
* | remove obsolete code | Morten Tokle | 2022-11-10 | 2 | -25/+6 |
| | |||||
* | Prevent browser API caching | Morten Tokle | 2022-10-25 | 2 | -2/+1 |
| | |||||
* | Prevent browsers caching api responses | Morten Tokle | 2022-10-24 | 1 | -0/+1 |
| | |||||
* | Allow 'Vespa-Csrf-Token' header | Bjørn Christian Seime | 2022-09-26 | 1 | -1/+2 |
| | |||||
* | Remove old config definition that has been replaced by ... | gjoranv | 2022-08-31 | 1 | -20/+0 |
| | | | | | jdisc.http.filter.security.rule.config.rule-based-filter.def in the 'configdefinitions' module. | ||||
* | compare oranges with oranges | Andreas Eriksen | 2022-08-17 | 2 | -1/+9 |
| | |||||
* | Add Referrer-Policy header | Morten Tokle | 2022-08-01 | 1 | -0/+1 |
| | |||||
* | Convert jdisc-security-filters to junit5 | Bjørn Christian Seime | 2022-07-27 | 9 | -73/+62 |
| | |||||
* | Move rule-based-filter config to configdefinitions module/bundle | gjoranv | 2022-07-27 | 5 | -11/+13 |
| | | | | | | | .. to remove import-package from config-model to jdisc-security-filters. - Keep the old config def for a while in case it's needed by hosted Vespa config models. | ||||
* | Simplify type definition for subject alternative names | Bjørn Christian Seime | 2022-07-20 | 1 | -2/+2 |
| | |||||
* | Add x-frame-options | Morten Tokle | 2022-06-28 | 1 | -0/+1 |
| | |||||
* | Fix javadoc | Valerij Fredriksen | 2022-06-27 | 1 | -2/+2 |
| | |||||
* | Create CSP response filter | Valerij Fredriksen | 2022-06-27 | 2 | -0/+37 |
| | |||||
* | Remove unnecessary deps to security-utils, now included in container-dev | gjoranv | 2022-06-16 | 1 | -6/+0 |
| | |||||
* | Set project version to 8-SNAPSHOT | gjoranv | 2022-06-08 | 1 | -2/+2 |
| | |||||
* | Add explicit security-utils to get bouncycastle. | gjoranv | 2022-06-08 | 1 | -0/+6 |
| | |||||
* | install_jar CMake function | Håkon Hallingstad | 2022-05-20 | 1 | -1/+1 |
| | |||||
* | Use '@Inject' from 'annotations' in multiple bundles | Bjørn Christian Seime | 2022-05-06 | 6 | -6/+6 |
| | |||||
* | Move User from controller-api to jdisc-security-filters | Bjørn Christian Seime | 2022-04-27 | 2 | -0/+103 |
| | |||||
* | Add comment about why there is no path segment validation in rule filter | jonmv | 2022-04-11 | 1 | -0/+2 |
| | |||||
* | Only create Path if there are any patterns to match against | jonmv | 2022-04-11 | 1 | -2/+1 |
| | |||||
* | Avoid segment validation in rule based filter | jonmv | 2022-04-11 | 2 | -2/+2 |
| | |||||
* | GC deprecated junit assertThat. | Henning Baldersheim | 2021-12-21 | 3 | -29/+23 |
| | |||||
* | Make DiscFilterResponse concrete and remove package-private sub-class | Bjørn Christian Seime | 2021-12-03 | 1 | -24/+2 |
| | | | | | Make DiscFilterResponse opereate directly on a jdisc-core Response instance. Reduce use of jdisc-core types from its public API. | ||||
* | Reapply "Remove Servlet integration from container-core [run-systemtest]"" | Bjørn Christian Seime | 2021-12-03 | 1 | -2/+2 |
| |