honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: remove the realtime request interceptor 

The realtime request interceptor was added to stop realtime requests from bypassing DLS
or FLS as the request could read a document from the translog. After
elastic/elasticsearchelastic/elasticsearch#20102 we no longer read documents from the translog so we can
allow realtime requests even when DLS or FLS is enabled.

Original commit: elastic/x-pack-elasticsearch@069b501500
This commit is contained in:
jaymode 2016-08-25 09:03:56 -04:00
parent dfdf77c536
commit 098e61fbc1
2 changed files with 0 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java
View File

@ -11,7 +11,6 @@ import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
import org.elasticsearch.xpack.security.action.interceptor.BulkRequestInterceptor;
import org.elasticsearch.xpack.security.action.interceptor.FieldStatsRequestInterceptor;
import org.elasticsearch.xpack.security.action.interceptor.RealtimeRequestInterceptor;
import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor;
import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor;
@ -32,7 +31,6 @@ public class SecurityActionModule extends AbstractSecurityModule.Node {
Multibinder<RequestInterceptor> multibinder
= Multibinder.newSetBinder(binder(), RequestInterceptor.class);
if (XPackSettings.DLS_FLS_ENABLED.get(settings)) {
multibinder.addBinding().to(RealtimeRequestInterceptor.class);
multibinder.addBinding().to(SearchRequestInterceptor.class);
multibinder.addBinding().to(UpdateRequestInterceptor.class);
multibinder.addBinding().to(BulkRequestInterceptor.class);

36
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java
View File

@ -1,36 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.action.interceptor;
import org.elasticsearch.action.RealtimeRequest;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportRequest;
/**
* If field level or document level security is enabled this interceptor disables the realtime feature of get, multi get, termsvector and
* multi termsvector requests.
*/
public class RealtimeRequestInterceptor extends FieldAndDocumentLevelSecurityRequestInterceptor<RealtimeRequest> {
@Inject
public RealtimeRequestInterceptor(Settings settings, ThreadPool threadPool, XPackLicenseState licenseState) {
super(settings, threadPool.getThreadContext(), licenseState);
}
@Override
protected void disableFeatures(RealtimeRequest realtimeRequest, boolean fieldLevelSecurityEnabled,
boolean documentLevelSecurityEnabled) {
realtimeRequest.realtime(false);
}
@Override
public boolean supports(TransportRequest request) {
return request instanceof RealtimeRequest;
}
}