[cleanup] Moved to TransportMessage where possible

Original commit: elastic/x-pack-elasticsearch@46535f7818
uboness 2014-08-08 21:23:26 +02:00
parent ad02ec4609
commit 2c71ece598
10 changed files with 59 additions and 56 deletions


@ -7,7 +7,7 @@ package org.elasticsearch.shield.audit;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
/**
*
@ -16,28 +16,28 @@ public interface AuditTrail {
public static final AuditTrail NOOP = new AuditTrail() {
@Override
public void anonymousAccess(String action, TransportRequest request) {
public void anonymousAccess(String action, TransportMessage<?> message) {
}
@Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) {
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
}
@Override
public void accessGranted(User user, String action, TransportRequest request) {
public void accessGranted(User user, String action, TransportMessage<?> message) {
}
@Override
public void accessDenied(User user, String action, TransportRequest request) {
public void accessDenied(User user, String action, TransportMessage<?> message) {
}
};
void anonymousAccess(String action, TransportRequest request);
void anonymousAccess(String action, TransportMessage<?> message);
void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request);
void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message);
void accessGranted(User user, String action, TransportRequest request);
void accessGranted(User user, String action, TransportMessage<?> message);
void accessDenied(User user, String action, TransportRequest request);
void accessDenied(User user, String action, TransportMessage<?> message);
}
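Review bot: The four AuditTrail methods carry no Javadoc, and with the parameter widened to `TransportMessage<?>` an implementer can no longer tell from the type alone whether the argument is a request. Add a short comment per method saying when the event is emitted and what `message` is, for example `/** Called when an authenticated user is refused the given action; message is the transport message that triggered the check. */` on `accessDenied`. The empty `/** * */` class comment could also state that `NOOP` discards every event, which is what its empty method bodies do.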


@ -10,7 +10,7 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
import java.util.Set;
@ -28,30 +28,30 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
}
@Override
public void anonymousAccess(String action, TransportRequest request) {
public void anonymousAccess(String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].anonymousAccess(action, request);
auditTrails[i].anonymousAccess(action, message);
}
}
@Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) {
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].authenticationFailed(realm, token, action, request);
auditTrails[i].authenticationFailed(realm, token, action, message);
}
}
@Override
public void accessGranted(User user, String action, TransportRequest request) {
public void accessGranted(User user, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].accessGranted(user, action, request);
auditTrails[i].accessGranted(user, action, message);
}
}
@Override
public void accessDenied(User user, String action, TransportRequest request) {
public void accessDenied(User user, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].accessDenied(user, action, request);
auditTrails[i].accessDenied(user, action, message);
}
}
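Review bot: In each fan-out loop, e.g. `auditTrails[i].accessDenied(user, action, message);`, an unchecked exception thrown by one trail ends the loop, so the trails after it never record the event and the exception propagates to whoever raised the audit event. Decide whether an audit failure should fail the operation or be isolated per trail, and say so in a class comment; if isolation is intended, wrap each call in a try/catch that logs the failing trail and continues. As a style point, the index loops read more simply as `for (AuditTrail trail : auditTrails)`.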


@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
/**
*
@ -24,38 +24,38 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail {
}
@Override
public void anonymousAccess(String action, TransportRequest request) {
public void anonymousAccess(String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) {
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}], request=[{}]", request.remoteAddress(), action, request);
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}], request=[{}]", message.remoteAddress(), action, message);
} else {
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}]", request.remoteAddress(), action);
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}]", message.remoteAddress(), action);
}
}
@Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) {
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) {
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), realm, action, token.principal(), request);
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), realm, action, token.principal(), message);
} else {
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}]", request.remoteAddress(), realm, action, token.principal());
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}]", message.remoteAddress(), realm, action, token.principal());
}
}
@Override
public void accessGranted(User user, String action, TransportRequest request) {
public void accessGranted(User user, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) {
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), action, user.principal(), request);
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), action, user.principal(), message);
} else {
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}]", request.remoteAddress(), action, user.principal());
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}]", message.remoteAddress(), action, user.principal());
}
}
@Override
public void accessDenied(User user, String action, TransportRequest request) {
public void accessDenied(User user, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) {
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), action, user.principal(), request);
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), action, user.principal(), message);
} else {
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}]", request.remoteAddress(), action, user.principal());
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}]", message.remoteAddress(), action, user.principal());
}
}
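Review bot: `token.principal()` in `authenticationFailed` is written into the tab-separated audit line unescaped, and for a failed login that value is whatever the client supplied, so a principal containing line breaks, tabs or `]` can split or forge audit records. Neutralise control and delimiter characters before logging, e.g. pass `token.principal().replaceAll("[\\r\\n\\t\\[\\]]", "_")` instead of the raw value. The debug branches also log the whole `message` through its `toString()`; whether that output can include headers such as the Basic credentials is not visible here and should be confirmed before this is enabled in production. Separately, the `isDebugEnabled()` guard wraps `logger.info(...)` calls, and the `request=[{}]` label no longer matches the parameter name.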


@ -6,6 +6,7 @@
package org.elasticsearch.shield.authc;
import org.elasticsearch.shield.User;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
/**
@ -16,16 +17,16 @@ public interface AuthenticationService {
/**
* Authenticates the user associated with the given request.
*
* An {@link AuthenticationToken authentication token} will be extracted from the request, and
* An {@link AuthenticationToken authentication token} will be extracted from the message, and
* will be authenticated. On successful authentication, the {@link org.elasticsearch.shield.User user} that is associated
* with the request (i.e. that is associated with the token's {@link AuthenticationToken#principal() principal})
* will be returned.
*
* @param request The executed request
* @param message The executed message
* @return The authenticated User
* @throws AuthenticationException If no user could be authenticated (can either be due to missing
* supported authentication token, or simply due to bad credentials.
*/
User authenticate(String action, TransportRequest request) throws AuthenticationException;
User authenticate(String action, TransportMessage<?> message) throws AuthenticationException;
}
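Review bot: The Javadoc on `authenticate` documents `message` but has no entry for `action`, and its first sentence still says "the given request"; add `@param action The name of the action being executed` and align the wording with the new parameter. The `TransportRequest` import is kept next to the new `TransportMessage` import although the visible declaration no longer uses it; if nothing else in the file does, drop it (the ESUsersRealm and UsernamePasswordToken sections keep the same import). The same stale wording remains in `@param message The executed request` in InternalAuthenticationService and `@param message The request` in Realm.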


@ -11,7 +11,7 @@ import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
/**
* An authentication service that delegates the authentication process to its configured {@link Realm realms}.
@ -38,26 +38,26 @@ public class InternalAuthenticationService extends AbstractComponent implements
* The order by which the realms are ran is based on the order by which they were set in the
* constructor.
*
* @param request The executed request
* @param message The executed request
* @return The authenticated user
* @throws AuthenticationException If none of the configured realms successfully authenticated the
* request
*/
@Override
public User authenticate(String action, TransportRequest request) throws AuthenticationException {
public User authenticate(String action, TransportMessage<?> message) throws AuthenticationException {
for (Realm realm : realms) {
AuthenticationToken token = realm.token(request);
AuthenticationToken token = realm.token(message);
if (token != null) {
User user = realm.authenticate(token);
if (user != null) {
return user;
} else if (auditTrail != null) {
auditTrail.authenticationFailed(realm.type(), token, action, request);
auditTrail.authenticationFailed(realm.type(), token, action, message);
}
}
}
if (auditTrail != null) {
auditTrail.anonymousAccess(action, request);
auditTrail.anonymousAccess(action, message);
}
throw new AuthenticationException("Unable to authenticate user for request");
}
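Review bot: The `auditTrail.anonymousAccess(action, message)` call after the loop runs whenever no realm returned a user, including when a realm extracted a token and rejected it, so a bad-credentials attempt is recorded both as AUTHENTICATION_FAILED and as ANONYMOUS_ACCESS. That makes the anonymous-access events unreliable for anyone alerting on them. Track whether any realm produced a token with `boolean tokenFound = false;`, set it to true inside `if (token != null)`, and guard the final call with `if (auditTrail != null && !tokenFound)`. The exception message could then also distinguish missing credentials from rejected ones, if callers are meant to tell them apart.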


@ -6,7 +6,7 @@
package org.elasticsearch.shield.authc;
import org.elasticsearch.shield.User;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
/**
* An authentication mechanism to which the default authentication {@link org.elasticsearch.shield.authc.AuthenticationService service}
@ -25,11 +25,11 @@ public interface Realm<T extends AuthenticationToken> {
* {@link #authenticate(AuthenticationToken)} will be called for an authentication attempt. If no
* appropriate token is found, {@code null} is returned.
*
* @param request The request
* @param message The request
* @return The authentication token this realm can authenticate, {@code null} if no such
* token is found
*/
T token(TransportRequest request);
T token(TransportMessage<?> message);
/**
* Authenticates the given token. A successful authentication will return the User associated


@ -15,6 +15,7 @@ import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.support.UserPasswdStore;
import org.elasticsearch.shield.authc.support.UserRolesStore;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
/**
@ -40,8 +41,8 @@ public class ESUsersRealm extends AbstractComponent implements Realm<UsernamePas
}
@Override
public UsernamePasswordToken token(TransportRequest request) {
return UsernamePasswordToken.extractToken(request, null);
public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(message, null);
}
@Override


@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
/**
*
@ -31,8 +31,8 @@ public class LdapRealm extends AbstractComponent implements Realm<UsernamePasswo
}
@Override
public UsernamePasswordToken token(TransportRequest request) {
return UsernamePasswordToken.extractToken(request, null);
public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(message, null);
}
@Override


@ -13,7 +13,7 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationException;
import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportMessage;
import java.util.Arrays;
import java.util.concurrent.Callable;
@ -40,8 +40,8 @@ public abstract class CachingUsernamePasswordRealm extends AbstractComponent imp
}
@Override
public UsernamePasswordToken token(TransportRequest request) {
return UsernamePasswordToken.extractToken(request, null);
public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(message, null);
}
protected final void expire(String username) {


@ -9,6 +9,7 @@ import org.apache.commons.codec.binary.Base64;
import org.elasticsearch.common.base.Charsets;
import org.elasticsearch.shield.authc.AuthenticationException;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
import java.util.regex.Matcher;
@ -42,18 +43,18 @@ public class UsernamePasswordToken implements AuthenticationToken {
return password;
}
public static UsernamePasswordToken extractToken(TransportRequest request, UsernamePasswordToken defaultToken) {
UsernamePasswordToken token = (UsernamePasswordToken) request.context().get(TOKEN_KEY);
public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
UsernamePasswordToken token = (UsernamePasswordToken) message.context().get(TOKEN_KEY);
if (token != null) {
return token;
}
String authStr = request.getHeader(BASIC_AUTH_HEADER);
String authStr = message.getHeader(BASIC_AUTH_HEADER);
if (authStr == null) {
if (defaultToken == null) {
return null;
}
request.context().put(TOKEN_KEY, defaultToken);
message.context().put(TOKEN_KEY, defaultToken);
return defaultToken;
}
@ -65,7 +66,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
String userpasswd = new String(Base64.decodeBase64(matcher.group(1)), Charsets.UTF_8);
int i = userpasswd.indexOf(':');
token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
request.context().put(TOKEN_KEY, token);
message.context().put(TOKEN_KEY, token);
return token;
}
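Review bot: A decoded Basic value that contains no `:` makes `userpasswd.indexOf(':')` return -1, and the `userpasswd.substring(0, i)` on the next line then throws StringIndexOutOfBoundsException rather than an AuthenticationException, so a malformed header surfaces as an unchecked error instead of a clean authentication failure. Add `if (i < 0) { throw new AuthenticationException("invalid basic authentication header value"); }` before the token is constructed. The credentials also pass through the immutable `userpasswd` String, so handing the password on as a `char[]` does not keep the secret out of heap strings. The part of `extractToken` between the two hunks is not shown, so any earlier validation of the header format cannot be checked from here.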