[cleanup] Moved to TransportMessage where possible

Original commit: elastic/x-pack-elasticsearch@46535f7818
uboness 2014-08-08 21:23:26 +02:00
parent ad02ec4609
commit 2c71ece598
10 changed files with 59 additions and 56 deletions


@ -7,7 +7,7 @@ package org.elasticsearch.shield.audit;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
/** /**
* *
@ -16,28 +16,28 @@ public interface AuditTrail {
public static final AuditTrail NOOP = new AuditTrail() { public static final AuditTrail NOOP = new AuditTrail() {
@Override @Override
public void anonymousAccess(String action, TransportRequest request) { public void anonymousAccess(String action, TransportMessage<?> message) {
} }
@Override @Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) { public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
} }
@Override @Override
public void accessGranted(User user, String action, TransportRequest request) { public void accessGranted(User user, String action, TransportMessage<?> message) {
} }
@Override @Override
public void accessDenied(User user, String action, TransportRequest request) { public void accessDenied(User user, String action, TransportMessage<?> message) {
} }
}; };
void anonymousAccess(String action, TransportRequest request); void anonymousAccess(String action, TransportMessage<?> message);
void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request); void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message);
void accessGranted(User user, String action, TransportRequest request); void accessGranted(User user, String action, TransportMessage<?> message);
void accessDenied(User user, String action, TransportRequest request); void accessDenied(User user, String action, TransportMessage<?> message);
} }


@ -10,7 +10,7 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
import java.util.Set; import java.util.Set;
@ -28,30 +28,30 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
} }
@Override @Override
public void anonymousAccess(String action, TransportRequest request) { public void anonymousAccess(String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) { for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].anonymousAccess(action, request); auditTrails[i].anonymousAccess(action, message);
} }
} }
@Override @Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) { public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) { for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].authenticationFailed(realm, token, action, request); auditTrails[i].authenticationFailed(realm, token, action, message);
} }
} }
@Override @Override
public void accessGranted(User user, String action, TransportRequest request) { public void accessGranted(User user, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) { for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].accessGranted(user, action, request); auditTrails[i].accessGranted(user, action, message);
} }
} }
@Override @Override
public void accessDenied(User user, String action, TransportRequest request) { public void accessDenied(User user, String action, TransportMessage<?> message) {
for (int i = 0; i < auditTrails.length; i++) { for (int i = 0; i < auditTrails.length; i++) {
auditTrails[i].accessDenied(user, action, request); auditTrails[i].accessDenied(user, action, message);
} }
} }
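Review bot: The four fan-out loops call each `auditTrails[i]` with no isolation, so an exception thrown by one trail skips every later trail and propagates to the caller. Because these calls sit on the authentication path, it is worth stating in a comment on the class whether a failing audit sink is meant to abort the request (fail closed) or be logged and skipped. Something like `// a trail that throws aborts the fan-out; remaining trails do not see the event` on `anonymousAccess` would make the current behaviour explicit. The class body starts outside this hunk.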


@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
/** /**
* *
@ -24,38 +24,38 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail {
} }
@Override @Override
public void anonymousAccess(String action, TransportRequest request) { public void anonymousAccess(String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}], request=[{}]", request.remoteAddress(), action, request); logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}], request=[{}]", message.remoteAddress(), action, message);
} else { } else {
logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}]", request.remoteAddress(), action); logger.info("ANONYMOUS_ACCESS\thost=[{}], action=[{}]", message.remoteAddress(), action);
} }
} }
@Override @Override
public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportRequest request) { public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), realm, action, token.principal(), request); logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), realm, action, token.principal(), message);
} else { } else {
logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}]", request.remoteAddress(), realm, action, token.principal()); logger.info("AUTHENTICATION_FAILED\thost=[{}], realm=[{}], action=[{}], principal=[{}]", message.remoteAddress(), realm, action, token.principal());
} }
} }
@Override @Override
public void accessGranted(User user, String action, TransportRequest request) { public void accessGranted(User user, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), action, user.principal(), request); logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), action, user.principal(), message);
} else { } else {
logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}]", request.remoteAddress(), action, user.principal()); logger.info("ACCESS_GRANTED\thost=[{}], action=[{}], principal=[{}]", message.remoteAddress(), action, user.principal());
} }
} }
@Override @Override
public void accessDenied(User user, String action, TransportRequest request) { public void accessDenied(User user, String action, TransportMessage<?> message) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}], request=[{}]", request.remoteAddress(), action, user.principal(), request); logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}], request=[{}]", message.remoteAddress(), action, user.principal(), message);
} else { } else {
logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}]", request.remoteAddress(), action, user.principal()); logger.info("ACCESS_DENIED\thost=[{}], action=[{}], principal=[{}]", message.remoteAddress(), action, user.principal());
} }
} }
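Review bot: In `authenticationFailed`, `token.principal()` goes into the tab-delimited audit line unmodified, and for basic authentication that value is decoded from a client-supplied header. Unless the logging layout escapes control characters (not visible here), an embedded newline or tab can split or imitate an audit record. I would neutralise it before logging, for example `String principal = token.principal().replaceAll("[\\r\\n\\t]", "_");`, and do the same for `user.principal()` in `accessGranted` and `accessDenied`. The debug branches also log the whole `message` via its `toString()`, which now covers any `TransportMessage`, so it is worth confirming that this never renders header or credential content. The placeholder label still reads `request=[{}]` although the argument is now `message`.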


@ -6,6 +6,7 @@
package org.elasticsearch.shield.authc; package org.elasticsearch.shield.authc;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportRequest;
/** /**
@ -16,16 +17,16 @@ public interface AuthenticationService {
/** /**
* Authenticates the user associated with the given request. * Authenticates the user associated with the given request.
* *
* An {@link AuthenticationToken authentication token} will be extracted from the request, and * An {@link AuthenticationToken authentication token} will be extracted from the message, and
* will be authenticated. On successful authentication, the {@link org.elasticsearch.shield.User user} that is associated * will be authenticated. On successful authentication, the {@link org.elasticsearch.shield.User user} that is associated
* with the request (i.e. that is associated with the token's {@link AuthenticationToken#principal() principal}) * with the request (i.e. that is associated with the token's {@link AuthenticationToken#principal() principal})
* will be returned. * will be returned.
* *
* @param request The executed request * @param message The executed message
* @return The authenticated User * @return The authenticated User
* @throws AuthenticationException If no user could be authenticated (can either be due to missing * @throws AuthenticationException If no user could be authenticated (can either be due to missing
* supported authentication token, or simply due to bad credentials. * supported authentication token, or simply due to bad credentials.
*/ */
User authenticate(String action, TransportRequest request) throws AuthenticationException; User authenticate(String action, TransportMessage<?> message) throws AuthenticationException;
} }
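Review bot: The Javadoc on `authenticate` is only half updated: the summary and the `User` sentence still say "request" while the parameter is now `message`, and `action` has no `@param` entry at all. I would add `@param action The action the message is executed under` (wording to be confirmed by the author) and close the parenthesis that is left open in the `@throws` text. The `TransportRequest` import kept next to the new `TransportMessage` import looks unused in the visible part of the interface; please check and drop it if so.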


@ -11,7 +11,7 @@ import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
/** /**
* An authentication service that delegates the authentication process to its configured {@link Realm realms}. * An authentication service that delegates the authentication process to its configured {@link Realm realms}.
@ -38,26 +38,26 @@ public class InternalAuthenticationService extends AbstractComponent implements
* The order by which the realms are ran is based on the order by which they were set in the * The order by which the realms are ran is based on the order by which they were set in the
* constructor. * constructor.
* *
* @param request The executed request * @param message The executed request
* @return The authenticated user * @return The authenticated user
* @throws AuthenticationException If none of the configured realms successfully authenticated the * @throws AuthenticationException If none of the configured realms successfully authenticated the
* request * request
*/ */
@Override @Override
public User authenticate(String action, TransportRequest request) throws AuthenticationException { public User authenticate(String action, TransportMessage<?> message) throws AuthenticationException {
for (Realm realm : realms) { for (Realm realm : realms) {
AuthenticationToken token = realm.token(request); AuthenticationToken token = realm.token(message);
if (token != null) { if (token != null) {
User user = realm.authenticate(token); User user = realm.authenticate(token);
if (user != null) { if (user != null) {
return user; return user;
} else if (auditTrail != null) { } else if (auditTrail != null) {
auditTrail.authenticationFailed(realm.type(), token, action, request); auditTrail.authenticationFailed(realm.type(), token, action, message);
} }
} }
} }
if (auditTrail != null) { if (auditTrail != null) {
auditTrail.anonymousAccess(action, request); auditTrail.anonymousAccess(action, message);
} }
throw new AuthenticationException("Unable to authenticate user for request"); throw new AuthenticationException("Unable to authenticate user for request");
} }
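Review bot: In `authenticate`, a request that carries a token but fails in every realm is audited twice: once per realm as `authenticationFailed`, and then again as `anonymousAccess` when the loop falls through. That makes bad-credential attempts indistinguishable from truly unauthenticated traffic in the audit trail and inflates anonymous-access counts. Track whether any realm produced a token, with `boolean tokenFound = false;` before the loop and `tokenFound = true;` inside `if (token != null)`, and guard the final call with `if (auditTrail != null && !tokenFound)`. The `@param message The executed request` line would also read better as "The executed message".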


@ -6,7 +6,7 @@
package org.elasticsearch.shield.authc; package org.elasticsearch.shield.authc;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
/** /**
* An authentication mechanism to which the default authentication {@link org.elasticsearch.shield.authc.AuthenticationService service} * An authentication mechanism to which the default authentication {@link org.elasticsearch.shield.authc.AuthenticationService service}
@ -25,11 +25,11 @@ public interface Realm<T extends AuthenticationToken> {
* {@link #authenticate(AuthenticationToken)} will be called for an authentication attempt. If no * {@link #authenticate(AuthenticationToken)} will be called for an authentication attempt. If no
* appropriate token is found, {@code null} is returned. * appropriate token is found, {@code null} is returned.
* *
* @param request The request * @param message The request
* @return The authentication token this realm can authenticate, {@code null} if no such * @return The authentication token this realm can authenticate, {@code null} if no such
* token is found * token is found
*/ */
T token(TransportRequest request); T token(TransportMessage<?> message);
/** /**
* Authenticates the given token. A successful authentication will return the User associated * Authenticates the given token. A successful authentication will return the User associated


@ -15,6 +15,7 @@ import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.support.UserPasswdStore; import org.elasticsearch.shield.authc.support.UserPasswdStore;
import org.elasticsearch.shield.authc.support.UserRolesStore; import org.elasticsearch.shield.authc.support.UserRolesStore;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportRequest;
/** /**
@ -40,8 +41,8 @@ public class ESUsersRealm extends AbstractComponent implements Realm<UsernamePas
} }
@Override @Override
public UsernamePasswordToken token(TransportRequest request) { public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(request, null); return UsernamePasswordToken.extractToken(message, null);
} }
@Override @Override


@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.Realm; import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
/** /**
* *
@ -31,8 +31,8 @@ public class LdapRealm extends AbstractComponent implements Realm<UsernamePasswo
} }
@Override @Override
public UsernamePasswordToken token(TransportRequest request) { public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(request, null); return UsernamePasswordToken.extractToken(message, null);
} }
@Override @Override


@ -13,7 +13,7 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationException; import org.elasticsearch.shield.authc.AuthenticationException;
import org.elasticsearch.shield.authc.Realm; import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportMessage;
import java.util.Arrays; import java.util.Arrays;
import java.util.concurrent.Callable; import java.util.concurrent.Callable;
@ -40,8 +40,8 @@ public abstract class CachingUsernamePasswordRealm extends AbstractComponent imp
} }
@Override @Override
public UsernamePasswordToken token(TransportRequest request) { public UsernamePasswordToken token(TransportMessage<?> message) {
return UsernamePasswordToken.extractToken(request, null); return UsernamePasswordToken.extractToken(message, null);
} }
protected final void expire(String username) { protected final void expire(String username) {


@ -9,6 +9,7 @@ import org.apache.commons.codec.binary.Base64;
import org.elasticsearch.common.base.Charsets; import org.elasticsearch.common.base.Charsets;
import org.elasticsearch.shield.authc.AuthenticationException; import org.elasticsearch.shield.authc.AuthenticationException;
import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportRequest;
import java.util.regex.Matcher; import java.util.regex.Matcher;
@ -42,18 +43,18 @@ public class UsernamePasswordToken implements AuthenticationToken {
return password; return password;
} }
public static UsernamePasswordToken extractToken(TransportRequest request, UsernamePasswordToken defaultToken) { public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
UsernamePasswordToken token = (UsernamePasswordToken) request.context().get(TOKEN_KEY); UsernamePasswordToken token = (UsernamePasswordToken) message.context().get(TOKEN_KEY);
if (token != null) { if (token != null) {
return token; return token;
} }
String authStr = request.getHeader(BASIC_AUTH_HEADER); String authStr = message.getHeader(BASIC_AUTH_HEADER);
if (authStr == null) { if (authStr == null) {
if (defaultToken == null) { if (defaultToken == null) {
return null; return null;
} }
request.context().put(TOKEN_KEY, defaultToken); message.context().put(TOKEN_KEY, defaultToken);
return defaultToken; return defaultToken;
} }
@ -65,7 +66,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
String userpasswd = new String(Base64.decodeBase64(matcher.group(1)), Charsets.UTF_8); String userpasswd = new String(Base64.decodeBase64(matcher.group(1)), Charsets.UTF_8);
int i = userpasswd.indexOf(':'); int i = userpasswd.indexOf(':');
token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray()); token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
request.context().put(TOKEN_KEY, token); message.context().put(TOKEN_KEY, token);
return token; return token;
} }
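Review bot: In the second hunk of `extractToken`, `userpasswd.indexOf(':')` is used without checking for `-1`, so a basic-auth header whose decoded value has no colon makes `substring(0, i)` throw `StringIndexOutOfBoundsException` instead of a controlled authentication failure. Since the header is client-supplied, I would reject it explicitly before building the token: `if (i < 0) { throw new AuthenticationException("Invalid basic authentication header value"); }`. The unchecked cast of `message.context().get(TOKEN_KEY)` in the first hunk would likewise fail with `ClassCastException` if anything else is ever stored under that key, which deserves a comment stating the invariant. The lines of `extractToken` between the two hunks are not visible, so an existing check there cannot be ruled out.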