Set correct auth settings for all actions

A test has been added to RequestHandlerTest, making sure that, while we merely log errors for the time being, the correct dummy AuthResult is being created. Most actions use the default settings, which have been changed to INTERNAL / APP / IGNORED. Actions with non-default settings are: INTERNAL/NONE/PUBLIC (non-auth public endpoints) CheckApiAction WhoisHttpServer Rdap*Action INTERNAL,API/APP/ADMIN (things currently protected by web.xml) EppTlsAction EppToolAction CreateGroupsAction CreatePremiumListAction DeleteEntityAction List*sAction UpdatePremiumListAction VerifyOteAction WhoisServer INTERNAL,API,LEGACY/USER/PUBLIC (registrar console) RegistrarPaymentAction RegistrarPaymentSetupAction RegistrarSettingsAction EppConsoleAction INTERNAL,API,LEGACY/NONE/PUBLIC (registrar console main page) ConsoleUiAction ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149761652
2026-01-08 07:11:44 +00:00 · 2017-03-10 08:47:52 -08:00
parent f5e76868f0
commit 1f000b94e6
38 changed files with 450 additions and 133 deletions
--- a/java/google/registry/whois/WhoisHttpServer.java
+++ b/java/google/registry/whois/WhoisHttpServer.java
@@ -32,6 +32,8 @@ import google.registry.config.RegistryConfig.Config;
 import google.registry.request.Action;
 import google.registry.request.RequestPath;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import google.registry.util.FormattingLogger;
 import google.registry.whois.WhoisMetrics.WhoisMetric;
@@ -47,11 +49,10 @@ import org.joda.time.Duration;
 /**
 * Human-Friendly HTTP WHOIS API
 *
- * <p>This API uses easy to understand paths rather than {@link WhoisServer} which
- * requires a POST request containing a WHOIS command. Because the typical WHOIS command is
- * along the lines of {@code "domain google.lol"} or the equivalent {@code "google.lol}, this
- * servlet is just going to replace the slashes with spaces and let {@link WhoisReader}
- * figure out what to do.
+ * <p>This API uses easy to understand paths rather than {@link WhoisServer} which requires a POST
+ * request containing a WHOIS command. Because the typical WHOIS command is along the lines of
+ * {@code "domain google.lol"} or the equivalent {@code "google.lol}, this servlet is just going to
+ * replace the slashes with spaces and let {@link WhoisReader} figure out what to do.
 *
 * <p>This servlet accepts requests from any origin.
 *
@@ -95,7 +96,11 @@ import org.joda.time.Duration;
 *
 * @see WhoisServer
 */
-@Action(path = WhoisHttpServer.PATH, isPrefix = true)
+@Action(
+  path = WhoisHttpServer.PATH,
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public final class WhoisHttpServer implements Runnable {

  public static final String PATH = "/whois/";