Fix: Use context instead of headers for storing the auth token
Original commit: elastic/x-pack-elasticsearch@497202f7a1
This commit is contained in:
Alexander Reelsen
parent
c96db14742
commit
2aa52a3113
|
|
@ -52,14 +52,14 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
||||||
@Override
|
@Override
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public AuthenticationToken token(String action, TransportMessage<?> message, AuthenticationToken defaultToken) {
|
public AuthenticationToken token(String action, TransportMessage<?> message, AuthenticationToken defaultToken) {
|
||||||
AuthenticationToken token = message.getHeader(TOKEN_CTX_KEY);
|
AuthenticationToken token = (AuthenticationToken) message.getContext().get(TOKEN_CTX_KEY);
|
||||||
if (token != null) {
|
if (token != null) {
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
for (Realm realm : realms) {
|
for (Realm realm : realms) {
|
||||||
token = realm.token(message);
|
token = realm.token(message);
|
||||||
if (token != null) {
|
if (token != null) {
|
||||||
message.putHeader(TOKEN_CTX_KEY, token);
|
message.putInContext(TOKEN_CTX_KEY, token);
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -71,7 +71,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
||||||
throw new AuthenticationException("Missing authentication token for request [" + action + "]");
|
throw new AuthenticationException("Missing authentication token for request [" + action + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
message.putHeader(TOKEN_CTX_KEY, defaultToken);
|
message.putInContext(TOKEN_CTX_KEY, defaultToken);
|
||||||
return defaultToken;
|
return defaultToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -95,7 +95,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
|
public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
|
||||||
assert token != null : "cannot authenticate null tokens";
|
assert token != null : "cannot authenticate null tokens";
|
||||||
User user = message.getHeader(USER_CTX_KEY);
|
User user = (User) message.getContext().get(USER_CTX_KEY);
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
@ -103,7 +103,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
||||||
if (realm.supports(token)) {
|
if (realm.supports(token)) {
|
||||||
user = realm.authenticate(token);
|
user = realm.authenticate(token);
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
message.putHeader(USER_CTX_KEY, user);
|
message.putInContext(USER_CTX_KEY, user);
|
||||||
return user;
|
return user;
|
||||||
} else if (auditTrail != null) {
|
} else if (auditTrail != null) {
|
||||||
auditTrail.authenticationFailed(realm.type(), token, action, message);
|
auditTrail.authenticationFailed(realm.type(), token, action, message);
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
|
public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
|
||||||
UsernamePasswordToken token = message.getHeader(TOKEN_KEY);
|
UsernamePasswordToken token = (UsernamePasswordToken) message.getContext().get(TOKEN_KEY);
|
||||||
if (token != null) {
|
if (token != null) {
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
@ -59,7 +59,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
|
||||||
if (defaultToken == null) {
|
if (defaultToken == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
message.putHeader(TOKEN_KEY, defaultToken);
|
message.putInContext(TOKEN_KEY, defaultToken);
|
||||||
return defaultToken;
|
return defaultToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -74,7 +74,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
|
||||||
throw new AuthenticationException("Invalid basic authentication header value");
|
throw new AuthenticationException("Invalid basic authentication header value");
|
||||||
}
|
}
|
||||||
token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
|
token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
|
||||||
message.putHeader(TOKEN_KEY, token);
|
message.putInContext(TOKEN_KEY, token);
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
||||||
}
|
}
|
||||||
verify(auditTrail).anonymousAccess("_action", message);
|
verify(auditTrail).anonymousAccess("_action", message);
|
||||||
verifyNoMoreInteractions(auditTrail);
|
verifyNoMoreInteractions(auditTrail);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -89,7 +89,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
||||||
}
|
}
|
||||||
verify(auditTrail).anonymousAccess("_action", message);
|
verify(auditTrail).anonymousAccess("_action", message);
|
||||||
verifyNoMoreInteractions(auditTrail);
|
verifyNoMoreInteractions(auditTrail);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -98,21 +98,21 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
||||||
assertThat(result, notNullValue());
|
assertThat(result, notNullValue());
|
||||||
assertThat(result, is(token));
|
assertThat(result, is(token));
|
||||||
verifyZeroInteractions(auditTrail);
|
verifyZeroInteractions(auditTrail);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test @SuppressWarnings("unchecked")
|
@Test @SuppressWarnings("unchecked")
|
||||||
public void testToken_Cached() throws Exception {
|
public void testToken_Cached() throws Exception {
|
||||||
message.putHeader(InternalAuthenticationService.TOKEN_CTX_KEY, token);
|
message.putInContext(InternalAuthenticationService.TOKEN_CTX_KEY, token);
|
||||||
AuthenticationToken result = service.token("_action", message, token);
|
AuthenticationToken result = service.token("_action", message, token);
|
||||||
assertThat(result, notNullValue());
|
assertThat(result, notNullValue());
|
||||||
assertThat(result, is(token));
|
assertThat(result, is(token));
|
||||||
verifyZeroInteractions(auditTrail);
|
verifyZeroInteractions(auditTrail);
|
||||||
verifyZeroInteractions(firstRealm);
|
verifyZeroInteractions(firstRealm);
|
||||||
verifyZeroInteractions(secondRealm);
|
verifyZeroInteractions(secondRealm);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
|
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test @SuppressWarnings("unchecked")
|
@Test @SuppressWarnings("unchecked")
|
||||||
|
|
@ -127,8 +127,8 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
||||||
assertThat(result, notNullValue());
|
assertThat(result, notNullValue());
|
||||||
assertThat(result, is(user));
|
assertThat(result, is(user));
|
||||||
verify(auditTrail).authenticationFailed("first", token, "_action", message);
|
verify(auditTrail).authenticationFailed("first", token, "_action", message);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test @SuppressWarnings("unchecked")
|
@Test @SuppressWarnings("unchecked")
|
||||||
|
|
@ -143,22 +143,22 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
||||||
assertThat(result, is(user));
|
assertThat(result, is(user));
|
||||||
verifyZeroInteractions(auditTrail);
|
verifyZeroInteractions(auditTrail);
|
||||||
verify(firstRealm, never()).authenticate(token);
|
verify(firstRealm, never()).authenticate(token);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test @SuppressWarnings("unchecked")
|
@Test @SuppressWarnings("unchecked")
|
||||||
public void testAuthenticate_Cached() throws Exception {
|
public void testAuthenticate_Cached() throws Exception {
|
||||||
User user = new User.Simple("_username", "r1");
|
User user = new User.Simple("_username", "r1");
|
||||||
message.putHeader(InternalAuthenticationService.USER_CTX_KEY, user);
|
message.putInContext(InternalAuthenticationService.USER_CTX_KEY, user);
|
||||||
User result = service.authenticate("_action", message, token);
|
User result = service.authenticate("_action", message, token);
|
||||||
assertThat(result, notNullValue());
|
assertThat(result, notNullValue());
|
||||||
assertThat(result, is(user));
|
assertThat(result, is(user));
|
||||||
verifyZeroInteractions(auditTrail);
|
verifyZeroInteractions(auditTrail);
|
||||||
verifyZeroInteractions(firstRealm);
|
verifyZeroInteractions(firstRealm);
|
||||||
verifyZeroInteractions(secondRealm);
|
verifyZeroInteractions(secondRealm);
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
|
||||||
assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue