diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
index 27c14bd33ae..60db13d767a 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -36,6 +36,7 @@ import org.elasticsearch.env.Environment;
 import org.elasticsearch.index.IndexModule;
 import org.elasticsearch.plugins.ActionPlugin;
 import org.elasticsearch.rest.RestHandler;
+import org.elasticsearch.watcher.ResourceWatcherService;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.security.action.SecurityActionModule;
 import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
@@ -87,8 +88,9 @@ import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordActio
 import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
 import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
 import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 import org.elasticsearch.xpack.security.ssl.SSLConfiguration;
-import org.elasticsearch.xpack.security.ssl.SSLModule;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
 import org.elasticsearch.xpack.security.support.OptionalSettings;
 import org.elasticsearch.xpack.security.transport.SecurityClientTransportService;
 import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
@@ -115,6 +117,7 @@ public class Security implements ActionPlugin { public static final Setting> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope); private final Settings settings; + private final Environment env; private final boolean enabled; private final boolean transportClientMode; private final SecurityLicenseState securityLicenseState; @@ -122,6 +125,7 @@ public class Security implements ActionPlugin { public Security(Settings settings, Environment env) throws IOException { this.settings = settings; + this.env = env; this.transportClientMode = XPackPlugin.transportClientMode(settings); this.enabled = XPackPlugin.featureEnabled(settings, NAME, true); if (enabled && transportClientMode == false) { @@ -154,7 +158,12 @@ public class Security implements ActionPlugin { } modules.add(new SecurityModule(settings)); modules.add(new SecurityTransportModule(settings)); - modules.add(new SSLModule(settings)); + modules.add(b -> { + // for transport client we still must construct these ssl classes with guice + b.bind(ServerSSLService.class).toProvider(Providers.of(null)); + b.bind(ClientSSLService.class).toInstance(new ClientSSLService(settings, new SSLConfiguration.Global(settings))); + }); + return modules; } @@ -178,7 +187,6 @@ public class Security implements ActionPlugin { modules.add(new SecurityRestModule(settings)); modules.add(new SecurityActionModule(settings)); modules.add(new SecurityTransportModule(settings)); - modules.add(new SSLModule(settings)); return modules; } 
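Review bot: `SSLConfiguration.Global` is no longer bound anywhere after this change. The lambda that replaces `SSLModule` in the `@@ -154,7 +158,12 @@` hunk binds only `ServerSSLService` and `ClientSSLService`, and `createComponents` in the later `@@ -192,6 +200,21 @@` hunk returns only the two services, whereas the deleted module had `bind(Global.class).asEagerSingleton()`. If any class outside this diff still takes `Global` by injection, injector creation will fail, so either confirm there is none or keep exposing it, for example `b.bind(SSLConfiguration.Global.class).toInstance(globalConfig);` with the same object handed to `ClientSSLService`. The lambda also references `Providers`, whose import is not among the import hunks shown, and its comment could say that `ServerSSLService` is deliberately bound to a null provider so consumers must tolerate null. The enclosing method starts outside the hunk.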
@@ -192,6 +200,21 @@ public class Security implements ActionPlugin { return list; } + public Collection createComponents(ResourceWatcherService resourceWatcherService) { + if (enabled == false) { + return Collections.emptyList(); + } + + final SSLConfiguration.Global globalSslConfig = new SSLConfiguration.Global(settings); + // client ssl still has an injected ctor b/c it is used by transport client, and + // there environmet and resource watcher do not exist, so we must set them after construction + final ClientSSLService clientSSLService = new ClientSSLService(settings, globalSslConfig); + clientSSLService.setEnvAndResourceWatcher(env, resourceWatcherService); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, globalSslConfig, resourceWatcherService); + + return Arrays.asList(clientSSLService, serverSSLService); + } + public Settings additionalSettings() { if (enabled == false) { return Settings.EMPTY; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 219e020b3f4..4ea78793a32 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java 
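Review bot: The new `createComponents` has no Javadoc and its inline comment carries a typo (`environmet`); since this method takes over the wiring that `SSLModule` used to do, it should say what it returns and when the list is empty. I would add a short Javadoc stating that it builds the node-side `ClientSSLService` and `ServerSSLService` from one shared `SSLConfiguration.Global` and returns an empty list when security is disabled, and correct the comment to `// there environment and resource watcher do not exist, so we must set them after construction`. The guard checks only `enabled == false`, not `transportClientMode`; presumably this method is never reached in a transport client, but the visible lines do not show that, so a one-line comment saying so would help.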
@@ -152,7 +152,7 @@ public class ESNativeRealmMigrateTool extends MultiCommand { Settings sslSettings = settings.getByPrefix(setting("http.ssl.")); SSLConfiguration.Global globalConfig = new SSLConfiguration.Global(settings); final ClientSSLService sslService = new ClientSSLService(sslSettings, globalConfig); - sslService.setEnvironment(env); + sslService.setEnvAndResourceWatcher(env, null); final HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection(); AccessController.doPrivileged(new PrivilegedAction() { @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java index 634ad12e074..18c37132dfb 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java 
@@ -5,26 +5,19 @@ */ package org.elasticsearch.xpack.security.ssl; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; public class ClientSSLService extends AbstractSSLService { - @Inject public ClientSSLService(Settings settings, Global globalSSLConfiguration) { super(settings, null, globalSSLConfiguration, null); } - @Inject(optional = true) - public void setEnvironment(Environment environment) { + public void setEnvAndResourceWatcher(Environment environment, ResourceWatcherService resourceWatcherService) { this.env = environment; - } - - @Inject(optional = true) - public void setResourceWatcherService(ResourceWatcherService resourceWatcherService) { this.resourceWatcherService = resourceWatcherService; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java index dea26e304ae..84aa8a853eb 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java @@ -5,13 +5,6 @@ */ package org.elasticsearch.xpack.security.ssl; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.settings.Setting; -import org.elasticsearch.common.settings.Setting.Property; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsModule; -import org.elasticsearch.common.unit.TimeValue; - import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManagerFactory; import java.util.Arrays; 
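Review bot: `setEnvAndResourceWatcher` accepts a null `resourceWatcherService` without saying so: `ESNativeRealmMigrateTool` and every test updated in this commit call it with `null` as the second argument, while only `Security.createComponents` passes a real watcher. The method has no Javadoc, so nothing tells a caller what is lost without a watcher (presumably monitoring of key and trust material files for changes, to be confirmed against `AbstractSSLService`) or that the call has to happen before the service is first used. I would document both, mark the second parameter as nullable, and reject a null environment up front with `this.env = Objects.requireNonNull(environment, "environment");` (needs a `java.util.Objects` import), since every visible caller passes a non-null one.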
@@ -21,6 +14,11 @@ import java.util.Objects; import java.util.Optional; import java.util.function.Function; +import org.elasticsearch.common.settings.Setting; +import org.elasticsearch.common.settings.Setting.Property; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.unit.TimeValue; + import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.support.OptionalSettings.createInt; import static org.elasticsearch.xpack.security.support.OptionalSettings.createString; @@ -181,7 +179,6 @@ public abstract class SSLConfiguration { * * @param settings the global settings to build the SSL configuration from */ - @Inject public Global(Settings settings) { this.keyConfig = createGlobalKeyConfig(settings); this.trustConfig = createGlobalTrustConfig(settings, keyConfig); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java deleted file mode 100644 index 57cb5c4cf39..00000000000 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java +++ /dev/null 
@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.xpack.security.ssl;
-
-import org.elasticsearch.common.inject.util.Providers;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
-import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
-
-/**
- *
- */
-public class SSLModule extends AbstractSecurityModule {
-
- public SSLModule(Settings settings) {
- super(settings);
- }
-
- @Override
- protected void configure(boolean clientMode) {
- bind(Global.class).asEagerSingleton();
- bind(ClientSSLService.class).asEagerSingleton();
- if (clientMode) {
- bind(ServerSSLService.class).toProvider(Providers.of(null));
- } else {
- bind(ServerSSLService.class).asEagerSingleton();
- }
- }
-}
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
index 84196117a2d..254f6870e4a 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
@@ -5,15 +5,13 @@ */ package org.elasticsearch.xpack.security.ssl; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; public class ServerSSLService extends AbstractSSLService { - @Inject public ServerSSLService(Settings settings, Environment environment, Global globalSSLConfiguration, ResourceWatcherService resourceWatcherService) { super(settings, environment, globalSSLConfiguration, resourceWatcherService); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java index 5d7e57aedf4..feece444980 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java @@ -44,7 +44,7 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase { globalSettings = builder.build(); Environment environment = new Environment(globalSettings); clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings)); - clientSSLService.setEnvironment(environment); + clientSSLService.setEnvAndResourceWatcher(environment, null); } Settings buildAdSettings(String ldapUrl, String adDomainName, String userSearchDN, LdapSearchScope scope, 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java index 808b6420eff..d85cdedacaf 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java @@ -41,7 +41,7 @@ public abstract class GroupsResolverTestCase extends ESTestCase { Settings settings = builder.build(); Environment env = new Environment(settings); ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings)); - clientSSLService.setEnvironment(env); + clientSSLService.setEnvAndResourceWatcher(env, null); LDAPURL ldapurl = new LDAPURL(ldapUrl()); LDAPConnectionOptions options = new LDAPConnectionOptions(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java index 03db6a4ee15..82bf32f435d 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java @@ -76,7 +76,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase { .put("xpack.security.ssl.keystore.password", "changeit") .build(); clientSSLService = new ClientSSLService(settings, new Global(settings)); - clientSSLService.setEnvironment(env); + clientSSLService.setEnvAndResourceWatcher(env, null); globalSettings = Settings.builder().put("path.home", createTempDir()).build(); } 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java index dace77af176..c21b6b91720 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java @@ -59,7 +59,7 @@ public class OpenLdapTests extends ESTestCase { globalSettings = builder.build(); Environment environment = new Environment(globalSettings); clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings)); - clientSSLService.setEnvironment(environment); + clientSSLService.setEnvAndResourceWatcher(environment, null); } public void testConnect() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java index 18beb8e0b34..7ce687d1ee0 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java @@ -285,7 +285,7 @@ public class ClientSSLServiceTests extends ESTestCase { private ClientSSLService createClientSSLService(Settings settings) { ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings)); - clientSSLService.setEnvironment(env); + clientSSLService.setEnvAndResourceWatcher(env, null); return clientSSLService; } } 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java index a5be4b28933..1c1af831f72 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java @@ -45,7 +45,7 @@ public class SecurityNetty3TransportTests extends ESTestCase { Global globalSSLConfiguration = new Global(settings); serverSSLService = new ServerSSLService(settings, env, globalSSLConfiguration, null); clientSSLService = new ClientSSLService(settings, globalSSLConfiguration); - clientSSLService.setEnvironment(env); + clientSSLService.setEnvAndResourceWatcher(env, null); } public void testThatSSLCanBeDisabledByProfile() throws Exception { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java index 0f4cafb4e8d..0ecbf6d309f 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java @@ -192,6 +192,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin { components.add(internalClient); components.addAll(licensing.createComponents(clusterService, getClock(), security.getSecurityLicenseState())); + components.addAll(security.createComponents(resourceWatcherService)); // watcher http stuff Map httpAuthFactories = new HashMap<>();