From 098e61fbc15b34b580ef5c5d6b9b52a678a0ab35 Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 25 Aug 2016 09:03:56 -0400 Subject: [PATCH] security: remove the realtime request interceptor The realtime request interceptor was added to stop realtime requests from bypassing DLS or FLS as the request could read a document from the translog. After elastic/elasticsearchelastic/elasticsearch#20102 we no longer read documents from the translog so we can allow realtime requests even when DLS or FLS is enabled. Original commit: elastic/x-pack-elasticsearch@069b5015006073a1e7da1095fac2081d6baeba6d --- .../security/action/SecurityActionModule.java | 2 -- .../RealtimeRequestInterceptor.java | 36 ------------------- 2 files changed, 38 deletions(-) delete mode 100644 elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java index a5802fb7a9b..51f45cd6aaf 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java @@ -11,7 +11,6 @@ import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter; import org.elasticsearch.xpack.security.action.interceptor.BulkRequestInterceptor; import org.elasticsearch.xpack.security.action.interceptor.FieldStatsRequestInterceptor; -import org.elasticsearch.xpack.security.action.interceptor.RealtimeRequestInterceptor; import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor; import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor; import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor; @@ -32,7 +31,6 @@ public class SecurityActionModule extends AbstractSecurityModule.Node { Multibinder multibinder = Multibinder.newSetBinder(binder(), RequestInterceptor.class); if (XPackSettings.DLS_FLS_ENABLED.get(settings)) { - multibinder.addBinding().to(RealtimeRequestInterceptor.class); multibinder.addBinding().to(SearchRequestInterceptor.class); multibinder.addBinding().to(UpdateRequestInterceptor.class); multibinder.addBinding().to(BulkRequestInterceptor.class); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java deleted file mode 100644 index ac400afd341..00000000000 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.action.interceptor; - -import org.elasticsearch.action.RealtimeRequest; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportRequest; - -/** - * If field level or document level security is enabled this interceptor disables the realtime feature of get, multi get, termsvector and - * multi termsvector requests. - */ -public class RealtimeRequestInterceptor extends FieldAndDocumentLevelSecurityRequestInterceptor { - - @Inject - public RealtimeRequestInterceptor(Settings settings, ThreadPool threadPool, XPackLicenseState licenseState) { - super(settings, threadPool.getThreadContext(), licenseState); - } - - @Override - protected void disableFeatures(RealtimeRequest realtimeRequest, boolean fieldLevelSecurityEnabled, - boolean documentLevelSecurityEnabled) { - realtimeRequest.realtime(false); - } - - @Override - public boolean supports(TransportRequest request) { - return request instanceof RealtimeRequest; - } -}