Switch to using rest headers getting

This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19440. It adds a getter on XPackExtension for extensions that add custom rest headers, in addition to the headers registered for xpack itself. Original commit: elastic/x-pack-elasticsearch@bd142b88c6
2016-07-14 18:48:12 -07:00 · 2016-07-14 18:48:12 -07:00 · 0c81f1b6ad
parent b1c892b77d
commit 0c81f1b6ad
8 changed files with 47 additions and 10 deletions
--- a/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
@ -13,6 +13,8 @@ import org.elasticsearch.xpack.extensions.XPackExtension;

 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.Arrays;
+import java.util.Collection;

 public class ExampleRealmExtension extends XPackExtension {
    @Override
@ -34,4 +36,9 @@ public class ExampleRealmExtension extends XPackExtension {
            return null;
        });
    }
+
+    @Override
+    public Collection<String> getRestHeaders() {
+        return Arrays.asList(CustomRealm.USER_HEADER, CustomRealm.PW_HEADER);
+    }
 }
--- a/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
@ -17,8 +17,8 @@ public class CustomRealm extends Realm<UsernamePasswordToken> {

    public static final String TYPE = "custom";

-    static final String USER_HEADER = "User";
-    static final String PW_HEADER = "Password";
+    public static final String USER_HEADER = "User";
+    public static final String PW_HEADER = "Password";

    static final String KNOWN_USER = "custom_user";
    static final String KNOWN_PW = "changeme";
--- a/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
@ -13,9 +13,8 @@ import org.elasticsearch.xpack.security.authc.RealmConfig;
 public class CustomRealmFactory extends Realm.Factory<CustomRealm> {

    @Inject
-    public CustomRealmFactory(RestController controller) {
+    public CustomRealmFactory() {
        super(CustomRealm.TYPE, false);
-        controller.registerRelevantHeaders(CustomRealm.USER_HEADER, CustomRealm.PW_HEADER);
    }

    @Override
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java
@ -54,7 +54,7 @@ public class InternalAuthenticationService extends AbstractComponent implements

    @Inject
    public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, CryptoService cryptoService,
-                                         AuthenticationFailureHandler failureHandler, ThreadPool threadPool, RestController controller) {
+                                         AuthenticationFailureHandler failureHandler, ThreadPool threadPool) {
        super(settings);
        this.nodeName = Node.NODE_NAME_SETTING.get(settings);
        this.realms = realms;
@ -64,9 +64,6 @@ public class InternalAuthenticationService extends AbstractComponent implements
        this.threadContext = threadPool.getThreadContext();
        this.signUserHeader = SIGN_USER_HEADER.get(settings);
        this.runAsEnabled = RUN_AS_ENABLED.get(settings);
-        if (runAsEnabled) {
-            controller.registerRelevantHeaders(RUN_AS_USER_HEADER);
-        }
    }

    @Override
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java
@ -33,9 +33,8 @@ public abstract class UsernamePasswordRealm extends Realm<UsernamePasswordToken>

    public abstract static class Factory<R extends UsernamePasswordRealm> extends Realm.Factory<R> {

-        protected Factory(String type, RestController restController, boolean internal) {
+        protected Factory(String type, boolean internal) {
            super(type, internal);
-            restController.registerRelevantHeaders(UsernamePasswordToken.BASIC_AUTH_HEADER);
        }
    }

--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
@ -13,8 +13,11 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;

 import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.action.ActionRequest;
@ -66,6 +69,8 @@ import org.elasticsearch.xpack.rest.action.RestXPackUsageAction;
 import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.xpack.support.clock.Clock;
 import org.elasticsearch.xpack.support.clock.SystemClock;
 import org.elasticsearch.xpack.watcher.Watcher;
@ -209,6 +214,21 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin {
        return builder.build();
    }

+    @Override
+    public Collection<String> getRestHeaders() {
+        if (transportClientMode) {
+            return Collections.emptyList();
+        }
+        Set<String> headers = new HashSet<>();
+        headers.add(UsernamePasswordToken.BASIC_AUTH_HEADER);
+        if (InternalAuthenticationService.RUN_AS_ENABLED.get(settings)) {
+            headers.add(InternalAuthenticationService.RUN_AS_USER_HEADER);
+        }
+        headers.addAll(extensionsService.getExtensions().stream()
+            .flatMap(e -> e.getRestHeaders().stream()).collect(Collectors.toList()));
+        return headers;
+    }
+
    @Override
    public ScriptContext.Plugin getCustomScriptContexts() {
        return ScriptServiceProxy.INSTANCE;
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java
@ -5,6 +5,9 @@
 */
 package org.elasticsearch.xpack.extensions;

+import java.util.Collection;
+import java.util.Collections;
+
 import org.elasticsearch.xpack.security.authc.AuthenticationModule;


@ -26,4 +29,11 @@ public abstract class XPackExtension {
     * Implement this function to register custom extensions in the authentication module.
     */
    public void onModule(AuthenticationModule module) {}
+
+    /**
+     * Returns headers which should be copied from REST requests to internal cluster requests.
+     */
+    public Collection<String> getRestHeaders() {
+        return Collections.emptyList();
+    }
 }
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
@ -25,6 +25,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.stream.Collectors;

 import static org.elasticsearch.common.io.FileSystemUtils.isAccessibleDirectory;

@ -79,6 +80,10 @@ public class XPackExtensionsService {
        }
    }

+    public List<XPackExtension> getExtensions() {
+        return extensions.stream().map(Tuple::v2).collect(Collectors.toList());
+    }
+
    // a "bundle" is a an extension in a single classloader.
    static class Bundle {
        XPackExtensionInfo info;