mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-26 14:54:56 +00:00
Fixed comments on Transport service filter commit
- Fixed a bug in the logic of applying the indices group permission check - For the rest, mainly cosmetics refactoring (renaming & redundant code removal) Original commit: elastic/x-pack-elasticsearch@748575dc2e
This commit is contained in:
uboness
parent
6a7c537ad6
commit
1728c2a381
@ -71,10 +71,10 @@ public class UsernamePasswordToken implements AuthenticationToken {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static void putTokenHeader(TransportRequest request, UsernamePasswordToken token) {
|
public static void putTokenHeader(TransportRequest request, UsernamePasswordToken token) {
|
||||||
request.putHeader("Authorization", headerValue(token.username, token.password));
|
request.putHeader("Authorization", basicAuthHeaderValue(token.username, token.password));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String headerValue(String username, char[] passwd) {
|
public static String basicAuthHeaderValue(String username, char[] passwd) {
|
||||||
String basicToken = username + ":" + new String(passwd);
|
String basicToken = username + ":" + new String(passwd);
|
||||||
basicToken = new String(Base64.encodeBase64(basicToken.getBytes(Charsets.UTF_8)), Charsets.UTF_8);
|
basicToken = new String(Base64.encodeBase64(basicToken.getBytes(Charsets.UTF_8)), Charsets.UTF_8);
|
||||||
return "Basic " + basicToken;
|
return "Basic " + basicToken;
|
||||||
|
|||||||
@ -234,11 +234,11 @@ public interface Permission {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
|
for (String index : explodeWildcards((IndicesRequest) request, metaData)) {
|
||||||
for (String index : explodeWildcards((IndicesRequest) request, metaData)) {
|
if (!indexNameMatcher.apply(index)) {
|
||||||
if (!indexNameMatcher.apply(index)) {
|
return false;
|
||||||
return false;
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -135,19 +135,19 @@ public class SecuredTransportService extends TransportService {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void sendResponse(TransportResponse response) throws IOException {
|
public void sendResponse(TransportResponse response) throws IOException {
|
||||||
if (proceed(response)) {
|
if (filter(response)) {
|
||||||
channel.sendResponse(response);
|
channel.sendResponse(response);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void sendResponse(TransportResponse response, TransportResponseOptions options) throws IOException {
|
public void sendResponse(TransportResponse response, TransportResponseOptions options) throws IOException {
|
||||||
if (proceed(response)) {
|
if (filter(response)) {
|
||||||
channel.sendResponse(response, options);
|
channel.sendResponse(response, options);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean proceed(TransportResponse response) throws IOException {
|
private boolean filter(TransportResponse response) throws IOException {
|
||||||
try {
|
try {
|
||||||
filter.outboundResponse(channel.action(), response);
|
filter.outboundResponse(channel.action(), response);
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
|
|||||||
@ -23,7 +23,7 @@ import java.io.IOException;
|
|||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.headerValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
||||||
import static org.hamcrest.Matchers.hasSize;
|
import static org.hamcrest.Matchers.hasSize;
|
||||||
@ -44,6 +44,7 @@ public class ShieldPluginTests extends ElasticsearchIntegrationTest {
|
|||||||
File folder = newFolder();
|
File folder = newFolder();
|
||||||
ImmutableSettings.Builder builder = ImmutableSettings.builder()
|
ImmutableSettings.Builder builder = ImmutableSettings.builder()
|
||||||
.put("plugin.types", SecurityPlugin.class.getName())
|
.put("plugin.types", SecurityPlugin.class.getName())
|
||||||
|
.put(super.nodeSettings(nodeOrdinal))
|
||||||
.put("shield.audit.enabled", true)
|
.put("shield.audit.enabled", true)
|
||||||
.put("shield.authc.esusers.files.users", copyFile(folder, "users"))
|
.put("shield.authc.esusers.files.users", copyFile(folder, "users"))
|
||||||
.put("shield.authc.esusers.files.users_roles", copyFile(folder, "users_roles"))
|
.put("shield.authc.esusers.files.users_roles", copyFile(folder, "users_roles"))
|
||||||
@ -51,7 +52,7 @@ public class ShieldPluginTests extends ElasticsearchIntegrationTest {
|
|||||||
.put("shield.n2n.file", copyFile(folder, "ip_filter.yml"))
|
.put("shield.n2n.file", copyFile(folder, "ip_filter.yml"))
|
||||||
.put(TransportModule.TRANSPORT_SERVICE_TYPE_KEY, SecuredTransportService.class.getName())
|
.put(TransportModule.TRANSPORT_SERVICE_TYPE_KEY, SecuredTransportService.class.getName())
|
||||||
// for the test internal node clients
|
// for the test internal node clients
|
||||||
.put("request.headers.Authorization", headerValue("test_user", "changeme".toCharArray()));
|
.put("request.headers.Authorization", basicAuthHeaderValue("test_user", "changeme".toCharArray()));
|
||||||
|
|
||||||
if (OsUtils.MAC) {
|
if (OsUtils.MAC) {
|
||||||
builder.put("network.host", randomBoolean() ? "127.0.0.1" : "::1");
|
builder.put("network.host", randomBoolean() ? "127.0.0.1" : "::1");
|
||||||
@ -64,7 +65,7 @@ public class ShieldPluginTests extends ElasticsearchIntegrationTest {
|
|||||||
@Override
|
@Override
|
||||||
protected Settings transportClientSettings() {
|
protected Settings transportClientSettings() {
|
||||||
return ImmutableSettings.builder()
|
return ImmutableSettings.builder()
|
||||||
.put("request.headers.Authorization", headerValue("test_user", "changeme".toCharArray()))
|
.put("request.headers.Authorization", basicAuthHeaderValue("test_user", "changeme".toCharArray()))
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -25,7 +25,7 @@ public class SSLConfigTests extends ElasticsearchTestCase {
|
|||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() throws Exception {
|
public void setup() throws Exception {
|
||||||
testnodeStore = new File(getClass().getResource("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks").toURI());
|
testnodeStore = new File(getClass().getResource("certs/simple/testnode.jks").toURI());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
@ -89,7 +89,6 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
|
|||||||
.put("shield.http.ssl.truststore_password", "testnode")
|
.put("shield.http.ssl.truststore_password", "testnode")
|
||||||
// SSL SETUP
|
// SSL SETUP
|
||||||
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
|
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
|
||||||
.put("plugins.load_classpath_plugins", false)
|
|
||||||
.put("plugin.types", N2NPlugin.class.getName())
|
.put("plugin.types", N2NPlugin.class.getName())
|
||||||
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
||||||
.put("shield.n2n.file", ipFilterFile.getPath());
|
.put("shield.n2n.file", ipFilterFile.getPath());
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user