From 22862cd416b8e5ded182188e796ff55154694046 Mon Sep 17 00:00:00 2001 From: Alexander Reelsen Date: Wed, 20 Aug 2014 15:47:38 +0200 Subject: [PATCH] Fix loading of secured transports Load transports in plugin. No need to specify any transport modules anymore. Removed the transport modules. Original commit: elastic/x-pack-elasticsearch@45f3245361aab9f1780250c856b57ad79f2edddb --- .../elasticsearch/shield/SecurityModule.java | 4 ++++ .../shield/plugin/SecurityPlugin.java | 4 ++++ ...NettySecuredHttpServerTransportModule.java | 17 ++++++++++++----- .../netty/NettySecuredTransportModule.java | 19 ++++++++++++++----- .../n2n/IpFilteringIntegrationTests.java | 9 ++------- .../transport/ssl/SslIntegrationTests.java | 11 +++++------ .../transport/ssl/SslRequireAuthTests.java | 10 ++-------- 7 files changed, 43 insertions(+), 31 deletions(-) diff --git a/src/main/java/org/elasticsearch/shield/SecurityModule.java b/src/main/java/org/elasticsearch/shield/SecurityModule.java index 05231de6da2..865fbc86585 100644 --- a/src/main/java/org/elasticsearch/shield/SecurityModule.java +++ b/src/main/java/org/elasticsearch/shield/SecurityModule.java @@ -17,6 +17,8 @@ import org.elasticsearch.shield.authc.AuthenticationModule; import org.elasticsearch.shield.authz.AuthorizationModule; import org.elasticsearch.shield.n2n.N2NModule; import org.elasticsearch.shield.transport.SecuredTransportModule; +import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; +import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule; /** * @@ -54,6 +56,8 @@ public class SecurityModule extends AbstractModule implements SpawnModules, PreP new AuthorizationModule(), new AuditTrailModule(settings), new N2NModule(), + new NettySecuredHttpServerTransportModule(), + new NettySecuredTransportModule(), new SecuredTransportModule(settings)); } diff --git a/src/main/java/org/elasticsearch/shield/plugin/SecurityPlugin.java b/src/main/java/org/elasticsearch/shield/plugin/SecurityPlugin.java index f09cff24aaa..462a6c90937 100644 --- a/src/main/java/org/elasticsearch/shield/plugin/SecurityPlugin.java +++ b/src/main/java/org/elasticsearch/shield/plugin/SecurityPlugin.java @@ -7,8 +7,12 @@ package org.elasticsearch.shield.plugin; import org.elasticsearch.common.collect.ImmutableList; import org.elasticsearch.common.inject.Module; +import org.elasticsearch.http.HttpServerModule; import org.elasticsearch.plugins.AbstractPlugin; import org.elasticsearch.shield.SecurityModule; +import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransport; +import org.elasticsearch.shield.transport.netty.NettySecuredTransport; +import org.elasticsearch.transport.TransportModule; import java.util.Collection; diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredHttpServerTransportModule.java b/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredHttpServerTransportModule.java index 8ff4b764237..9b4f697c1d1 100644 --- a/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredHttpServerTransportModule.java +++ b/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredHttpServerTransportModule.java @@ -6,16 +6,23 @@ package org.elasticsearch.shield.transport.netty; import org.elasticsearch.common.inject.AbstractModule; -import org.elasticsearch.http.HttpServerTransport; +import org.elasticsearch.common.inject.Module; +import org.elasticsearch.common.inject.PreProcessModule; +import org.elasticsearch.http.HttpServerModule; +import org.elasticsearch.shield.plugin.SecurityPlugin; /** * */ -public class NettySecuredHttpServerTransportModule extends AbstractModule { +public class NettySecuredHttpServerTransportModule extends AbstractModule implements PreProcessModule { @Override - protected void configure() { - bind(HttpServerTransport.class).to(NettySecuredHttpServerTransport.class).asEagerSingleton(); + public void processModule(Module module) { + if (module instanceof HttpServerModule) { + ((HttpServerModule)module).setHttpServerTransport(NettySecuredHttpServerTransport.class, SecurityPlugin.NAME); + } } -} + @Override + protected void configure() {} +} \ No newline at end of file diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredTransportModule.java b/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredTransportModule.java index 3295a4b5d37..56c0730ba02 100644 --- a/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredTransportModule.java +++ b/src/main/java/org/elasticsearch/shield/transport/netty/NettySecuredTransportModule.java @@ -6,15 +6,24 @@ package org.elasticsearch.shield.transport.netty; import org.elasticsearch.common.inject.AbstractModule; -import org.elasticsearch.transport.Transport; +import org.elasticsearch.common.inject.Module; +import org.elasticsearch.common.inject.PreProcessModule; +import org.elasticsearch.shield.plugin.SecurityPlugin; +import org.elasticsearch.transport.TransportModule; /** * */ -public class NettySecuredTransportModule extends AbstractModule { +public class NettySecuredTransportModule extends AbstractModule implements PreProcessModule { @Override - protected void configure() { - bind(Transport.class).to(NettySecuredTransport.class).asEagerSingleton(); + public void processModule(Module module) { + if (module instanceof TransportModule) { + ((TransportModule)module).setTransport(NettySecuredTransport.class, SecurityPlugin.NAME); + } } -} + + @Override + protected void configure() {} + +} \ No newline at end of file diff --git a/src/test/java/org/elasticsearch/shield/n2n/IpFilteringIntegrationTests.java b/src/test/java/org/elasticsearch/shield/n2n/IpFilteringIntegrationTests.java index 4fe499f6e62..1acf4bf3ff8 100644 --- a/src/test/java/org/elasticsearch/shield/n2n/IpFilteringIntegrationTests.java +++ b/src/test/java/org/elasticsearch/shield/n2n/IpFilteringIntegrationTests.java @@ -14,11 +14,8 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.shield.plugin.SecurityPlugin; -import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; -import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule; import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.transport.Transport; -import org.elasticsearch.transport.TransportModule; import org.junit.Ignore; import org.junit.Test; @@ -46,9 +43,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest { .put("node.mode", "network") // todo http tests fail without an explicit IP (needs investigation) .put("network.host", randomBoolean() ? "127.0.0.1" : "::1") - .put("http.type", NettySecuredHttpServerTransportModule.class.getName()) - .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName()) - .put("plugin.types", N2NPlugin.class.getName()); + .put("plugin.types", SecurityPlugin.class.getName()); //.put("shield.n2n.file", configFile.getPath()) if (OsUtils.MAC) { @@ -67,7 +62,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest { logger.info("Opening connection to {}", url); HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection(); connection.connect(); - connection.getResponseCode(); + logger.info("HTTP connection response code [{}]", connection.getResponseCode()); } @Ignore("Need to investigate further, why this does not fail") diff --git a/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java b/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java index c161f778b6a..e5c18b92db2 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java @@ -22,8 +22,8 @@ import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.node.Node; import org.elasticsearch.node.NodeBuilder; import org.elasticsearch.shield.n2n.N2NPlugin; -import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; -import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule; +import org.elasticsearch.shield.plugin.SecurityPlugin; +import org.elasticsearch.shield.transport.netty.NettySecuredTransport; import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.transport.Transport; @@ -88,9 +88,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest { .put("shield.http.ssl.truststore", testnodeStore.getPath()) .put("shield.http.ssl.truststore_password", "testnode") // SSL SETUP - .put("http.type", NettySecuredHttpServerTransportModule.class.getName()) - .put("plugin.types", N2NPlugin.class.getName()) - .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName()) + .put("plugin.types", SecurityPlugin.class.getName()) .put("shield.n2n.file", ipFilterFile.getPath()); if (OsUtils.MAC) { @@ -125,6 +123,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest { } @Test + @TestLogging("_root:DEBUG") public void testConnectNodeWorks() throws Exception { try (Node node = NodeBuilder.nodeBuilder().settings(getSettings("ssl_node")).node().start()) { try (Client client = node.client()) { @@ -227,7 +226,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest { .put("shield.transport.ssl.truststore", testClientTrustStore .getPath()) .put("shield.transport.ssl.truststore_password", "testclient") .put("discovery.zen.ping.multicast.ping.enabled", false) - .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName()) + .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransport.class.getName()) .put("shield.n2n.file", ipFilterFile.getPath()) .put("cluster.name", internalCluster().getClusterName()); } diff --git a/src/test/java/org/elasticsearch/shield/transport/ssl/SslRequireAuthTests.java b/src/test/java/org/elasticsearch/shield/transport/ssl/SslRequireAuthTests.java index b5d491be71f..b22777622b7 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ssl/SslRequireAuthTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/ssl/SslRequireAuthTests.java @@ -16,11 +16,9 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.shield.n2n.N2NPlugin; -import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; -import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule; +import org.elasticsearch.shield.plugin.SecurityPlugin; import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.junit.annotations.TestLogging; -import org.elasticsearch.transport.TransportModule; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; @@ -91,11 +89,7 @@ public class SslRequireAuthTests extends ElasticsearchIntegrationTest { .put("shield.http.ssl.keystore_password", "testnode") .put("shield.http.ssl.truststore", testnodeStore.getPath()) .put("shield.http.ssl.truststore_password", "testnode") - // SSL SETUP - .put("http.type", NettySecuredHttpServerTransportModule.class.getName()) - .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName()) - .put("plugins.load_classpath_plugins", false) - .put("plugin.types", N2NPlugin.class.getName()) + .put("plugin.types", SecurityPlugin.class.getName()) .put("shield.n2n.file", ipFilterFile.getPath()); if (OsUtils.MAC) {