honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: Use context instead of headers for storing the auth token 

Original commit: elastic/x-pack-elasticsearch@497202f7a1
This commit is contained in:
Alexander Reelsen 2014-09-05 12:46:03 +02:00
parent c96db14742
commit 2aa52a3113
3 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
View File

@ -52,14 +52,14 @@ public class InternalAuthenticationService extends AbstractComponent implements
@Override
@SuppressWarnings("unchecked")
public AuthenticationToken token(String action, TransportMessage<?> message, AuthenticationToken defaultToken) {
AuthenticationToken token = message.getHeader(TOKEN_CTX_KEY);
AuthenticationToken token = (AuthenticationToken) message.getContext().get(TOKEN_CTX_KEY);
if (token != null) {
return token;
}
for (Realm realm : realms) {
token = realm.token(message);
if (token != null) {
message.putHeader(TOKEN_CTX_KEY, token);
message.putInContext(TOKEN_CTX_KEY, token);
return token;
}
}
@ -71,7 +71,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
throw new AuthenticationException("Missing authentication token for request [" + action + "]");
}
message.putHeader(TOKEN_CTX_KEY, defaultToken);
message.putInContext(TOKEN_CTX_KEY, defaultToken);
return defaultToken;
}
@ -95,7 +95,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
@SuppressWarnings("unchecked")
public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
assert token != null : "cannot authenticate null tokens";
User user = message.getHeader(USER_CTX_KEY);
User user = (User) message.getContext().get(USER_CTX_KEY);
if (user != null) {
return user;
}
@ -103,7 +103,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
if (realm.supports(token)) {
user = realm.authenticate(token);
if (user != null) {
message.putHeader(USER_CTX_KEY, user);
message.putInContext(USER_CTX_KEY, user);
return user;
} else if (auditTrail != null) {
auditTrail.authenticationFailed(realm.type(), token, action, message);

6
src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
View File

@ -49,7 +49,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
}
public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
UsernamePasswordToken token = message.getHeader(TOKEN_KEY);
UsernamePasswordToken token = (UsernamePasswordToken) message.getContext().get(TOKEN_KEY);
if (token != null) {
return token;
}
@ -59,7 +59,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
if (defaultToken == null) {
return null;
}
message.putHeader(TOKEN_KEY, defaultToken);
message.putInContext(TOKEN_KEY, defaultToken);
return defaultToken;
}
@ -74,7 +74,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
throw new AuthenticationException("Invalid basic authentication header value");
}
token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
message.putHeader(TOKEN_KEY, token);
message.putInContext(TOKEN_KEY, token);
return token;
}

28
src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
View File

@ -76,7 +76,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
}
verify(auditTrail).anonymousAccess("_action", message);
verifyNoMoreInteractions(auditTrail);
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
}
@Test
@ -89,7 +89,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
}
verify(auditTrail).anonymousAccess("_action", message);
verifyNoMoreInteractions(auditTrail);
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
}
@Test
@ -98,21 +98,21 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
assertThat(result, notNullValue());
assertThat(result, is(token));
verifyZeroInteractions(auditTrail);
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
}
@Test @SuppressWarnings("unchecked")
public void testToken_Cached() throws Exception {
message.putHeader(InternalAuthenticationService.TOKEN_CTX_KEY, token);
message.putInContext(InternalAuthenticationService.TOKEN_CTX_KEY, token);
AuthenticationToken result = service.token("_action", message, token);
assertThat(result, notNullValue());
assertThat(result, is(token));
verifyZeroInteractions(auditTrail);
verifyZeroInteractions(firstRealm);
verifyZeroInteractions(secondRealm);
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
}
@Test @SuppressWarnings("unchecked")
@ -127,8 +127,8 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
assertThat(result, notNullValue());
assertThat(result, is(user));
verify(auditTrail).authenticationFailed("first", token, "_action", message);
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
}
@Test @SuppressWarnings("unchecked")
@ -143,22 +143,22 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
assertThat(result, is(user));
verifyZeroInteractions(auditTrail);
verify(firstRealm, never()).authenticate(token);
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_Cached() throws Exception {
User user = new User.Simple("_username", "r1");
message.putHeader(InternalAuthenticationService.USER_CTX_KEY, user);
message.putInContext(InternalAuthenticationService.USER_CTX_KEY, user);
User result = service.authenticate("_action", message, token);
assertThat(result, notNullValue());
assertThat(result, is(user));
verifyZeroInteractions(auditTrail);
verifyZeroInteractions(firstRealm);
verifyZeroInteractions(secondRealm);
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
}
@Test