From 6ef87df07fa0c0ffdd595e39647e8253cb558d92 Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Thu, 9 Feb 2023 11:33:48 +0100 Subject: Introduce capbilities for unclassified APIs Require 'vespa.rpc.unclassified' by default for all JRT APIs --- jrt/src/com/yahoo/jrt/Method.java | 2 +- jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'jrt') diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java index 89c66747e0b..e69c6bcd802 100644 --- a/jrt/src/com/yahoo/jrt/Method.java +++ b/jrt/src/com/yahoo/jrt/Method.java @@ -40,7 +40,7 @@ public class Method { private String[] returnName; private String[] returnDesc; - private RequestAccessFilter filter = RequestAccessFilter.ALLOW_ALL; + private RequestAccessFilter filter = RequireCapabilitiesFilter.unclassified(); private static final String undocumented = "???"; diff --git a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java index 9bb497e96ed..90cc19880f0 100644 --- a/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java +++ b/jrt/src/com/yahoo/jrt/RequireCapabilitiesFilter.java @@ -10,6 +10,9 @@ import com.yahoo.security.tls.MissingCapabilitiesException; */ public class RequireCapabilitiesFilter implements RequestAccessFilter { + private static final RequireCapabilitiesFilter UNCLASSIFIED = + new RequireCapabilitiesFilter(Capability.RPC_UNCLASSIFIED); + private final CapabilitySet requiredCapabilities; public RequireCapabilitiesFilter(CapabilitySet requiredCapabilities) { @@ -20,6 +23,8 @@ public class RequireCapabilitiesFilter implements RequestAccessFilter { this(CapabilitySet.from(requiredCapabilities)); } + public static RequireCapabilitiesFilter unclassified() { return UNCLASSIFIED; } + @Override public boolean allow(Request r) { try { -- cgit v1.2.3