diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
index 8546de39f8a..1fd55718cc9 100644
--- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
+++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
@@ -39,7 +39,6 @@ import java.util.Map;
 public class FileUserPasswdStore extends AbstractComponent implements UserPasswdStore {
     private final Path file;
-    private final FileWatcher watcher;
     final Hasher hasher = Hasher.HTPASSWD;
     private volatile ImmutableMap esUsers;
@@ -55,9 +54,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd
         super(settings);
         file = resolveFile(settings, env);
         esUsers = parseFile(file, logger);
-        watcher = new FileWatcher(file.getParent().toFile());
+        FileWatcher watcher = new FileWatcher(file.getParent().toFile());
         watcher.addListener(new FileListener());
-        watcherService.add(watcher);
+        watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
         this.listener = listener;
     }
diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
index c620672a5a0..ff11b48569e 100644
--- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
+++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
@@ -55,7 +55,7 @@ public class FileUserRolesStore extends AbstractComponent implements UserRolesSt
         userRoles = parseFile(file, logger);
         FileWatcher watcher = new FileWatcher(file.getParent().toFile());
         watcher.addListener(new FileListener());
-        watcherService.add(watcher);
+        watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
         this.listener = listener;
     }
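Review bot: The switch to `ResourceWatcherService.Frequency.HIGH` on the `watcherService.add` line of the FileUserPasswdStore constructor is undocumented, and the same unexplained choice is made in the FileUserRolesStore, LdapGroupToRoleMapper and IPFilteringN2NAuthenticator hunks. For these files the poll interval bounds how long a stale users, roles, role-mapping or ip_filter file stays in effect after an edit, so the reason for choosing the highest frequency belongs next to the call rather than only in the commit message. Suggest a one-line comment above each of those calls, e.g. `// poll at HIGH frequency: the interval bounds how long a removed user or changed password stays accepted after the file is edited`. The `esUsers` field is declared volatile in the first hunk, so the reload itself is a single reference swap; the FileListener that performs it is outside the hunk.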
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/ActiveDirectoryConnectionFactory.java b/src/main/java/org/elasticsearch/shield/authc/ldap/ActiveDirectoryConnectionFactory.java
index 2b30eaa2151..f376d7e4a13 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/ActiveDirectoryConnectionFactory.java
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/ActiveDirectoryConnectionFactory.java
@@ -34,6 +34,7 @@ public class ActiveDirectoryConnectionFactory extends AbstractComponent implemen
     public static final String AD_DOMAIN_NAME_SETTING = "domain_name";
     public static final String AD_PORT = "default_port";
     public static final String AD_USER_SEARCH_BASEDN_SETTING = "user_search_dn";
+    static final String MODE_NAME = "active_directory";
     private final ImmutableMap sharedLdapEnv;
     private final String userSearchDN;
@@ -47,8 +48,9 @@ public class ActiveDirectoryConnectionFactory extends AbstractComponent implemen
             throw new ShieldException("Missing [" + AD_DOMAIN_NAME_SETTING + "] setting for active directory");
         }
         userSearchDN = componentSettings.get(AD_USER_SEARCH_BASEDN_SETTING, buildDnFromDomain(domainName));
-        int port = componentSettings.getAsInt(AD_PORT, 389);
-        String[] ldapUrls = componentSettings.getAsArray(URLS_SETTING, new String[] { "ldap://" + domainName + ":" + port });
+        int port = componentSettings.getAsInt(AD_PORT, 636);
+        String protocol = port == 389 ? "ldap://" : "ldaps://";
+        String[] ldapUrls = componentSettings.getAsArray(URLS_SETTING, new String[] { protocol + domainName + ":" + port });
         ImmutableMap.Builder builder = ImmutableMap.builder()
                 .put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapper.java b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapper.java
index 1457b71d599..0549b1d0d12 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapper.java
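Review bot: The URL scheme in the new `String protocol = port == 389 ? "ldap://" : "ldaps://";` line is inferred from the port number alone, so a directory served in the clear on any port other than 389 now gets an `ldaps://` URL and cannot connect, while port 389 can never be used with TLS even though the default was deliberately moved to 636. That coupling is implicit and nothing in the hunk documents it; at minimum the `default_port` setting needs a comment stating that 389 selects plaintext LDAP and every other value selects LDAPS, and that `urls` must be set explicitly for any other layout. A cleaner fix is an explicit setting for the scheme, so that whether the directory traffic is protected is a declared configuration rather than a side effect of the port value. The remainder of the constructor, including how `ldapUrls` is consumed, is outside the hunk.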
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapper.java
@@ -54,7 +54,7 @@ public class LdapGroupToRoleMapper extends AbstractComponent {
         groupRoles = parseFile(file, logger);
         FileWatcher watcher = new FileWatcher(file.getParent().toFile());
         watcher.addListener(new FileListener());
-        watcherService.add(watcher);
+        watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
         this.listener = listener;
     }
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapModule.java b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapModule.java
index 910868b0578..869f601a2ab 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapModule.java
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapModule.java
@@ -7,6 +7,7 @@ package org.elasticsearch.shield.authc.ldap;
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.shield.ShieldSettingsException;
 import org.elasticsearch.shield.authc.Realm;
 import org.elasticsearch.shield.support.AbstractShieldModule;
@@ -16,7 +17,6 @@ import static org.elasticsearch.common.inject.name.Names.named;
  * Configures Ldap object injections */
 public class LdapModule extends AbstractShieldModule.Node {
-    private final boolean enabled;
     public LdapModule(Settings settings) {
@@ -34,14 +34,17 @@ public class LdapModule extends AbstractShieldModule.Node {
             bind(Realm.class).annotatedWith(named(LdapRealm.TYPE)).to(LdapRealm.class).asEagerSingleton();
             bind(LdapGroupToRoleMapper.class).asEagerSingleton();
-            String mode = settings.getComponentSettings(LdapModule.class).get("mode", "ldap");
-            if ("ldap".equals(mode)) {
+            String mode = settings.getComponentSettings(LdapModule.class).get("mode", StandardLdapConnectionFactory.MODE_NAME);
+            if (StandardLdapConnectionFactory.MODE_NAME.equals(mode)) {
                 bind(LdapConnectionFactory.class).to(StandardLdapConnectionFactory.class);
-            } else {
+            } else if (ActiveDirectoryConnectionFactory.MODE_NAME.equals(mode)) {
                 bind(LdapConnectionFactory.class).to(ActiveDirectoryConnectionFactory.class);
+            } else {
+                throw new ShieldSettingsException("LDAP is enabled but mode [" + mode + "] does not match [" +
+                        StandardLdapConnectionFactory.MODE_NAME + "] or [" + ActiveDirectoryConnectionFactory.MODE_NAME +"]");
             }
         } else {
-            bind(LdapRealm.class).toProvider(Providers.of((LdapRealm) null));
+            bind(LdapRealm.class).toProvider(Providers.of(null));
         }
     }
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/StandardLdapConnectionFactory.java b/src/main/java/org/elasticsearch/shield/authc/ldap/StandardLdapConnectionFactory.java
index 7884c2fd710..2ea852184b0 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/StandardLdapConnectionFactory.java
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/StandardLdapConnectionFactory.java
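Review bot: Dropping the `(LdapRealm)` cast in `bind(LdapRealm.class).toProvider(Providers.of(null))` makes the type argument of `Providers.of` depend on target-type inference in method-argument position; that works at source level 8 or later, but if the build still targets Java 7 the call infers `Provider<Object>` and no longer compiles, so the cast is worth keeping unless the source level is known. The new `else` branch that rejects an unrecognised `mode` with a ShieldSettingsException is the right fail-fast, and the message already names the accepted values; a small style nit is the missing space in `ActiveDirectoryConnectionFactory.MODE_NAME +"]"`. The `if` whose `else` branch holds the null binding begins above the hunk, so the condition it tests (presumably the LDAP enabled flag) cannot be checked from here.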
@@ -29,10 +29,10 @@ import java.util.Hashtable;
  * for each user context would need to be supplied. */
 public class StandardLdapConnectionFactory extends AbstractComponent implements LdapConnectionFactory {
-
     public static final String USER_DN_TEMPLATES_SETTING = "user_dn_templates";
     public static final String GROUP_SEARCH_SUBTREE_SETTING = "group_search.subtree_search";
     public static final String GROUP_SEARCH_BASEDN_SETTING = "group_search.group_search_dn";
+    static final String MODE_NAME = "ldap";
     private final ImmutableMap sharedLdapEnv;
     private final String[] userDnTemplates;
diff --git a/src/main/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticator.java b/src/main/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticator.java
index 15316363064..19f1408c267 100644
--- a/src/main/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticator.java
+++ b/src/main/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticator.java
@@ -54,7 +54,7 @@ public class IPFilteringN2NAuthenticator extends AbstractComponent implements N2
         rules = parseFile(file, logger);
         FileWatcher watcher = new FileWatcher(file.getParent().toFile());
         watcher.addListener(new FileListener());
-        watcherService.add(watcher);
+        watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
     }
     private Path resolveFile(Settings settings, Environment env) {
diff --git a/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStoreTests.java b/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStoreTests.java
index 29dc163c68f..1545c5c9f2d 100644
--- a/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStoreTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStoreTests.java
@@ -71,7 +71,7 @@ public class FileUserPasswdStoreTests extends ElasticsearchTestCase {
         Files.copy(users, Files.newOutputStream(tmp));
         Settings settings = ImmutableSettings.builder()
-                .put("watcher.interval", "2s")
+                .put("watcher.interval.high", "2s")
                 .put("shield.authc.esusers.files.users", tmp.toAbsolutePath())
                 .build();
diff --git a/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStoreTests.java b/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStoreTests.java
index f62ac362dd8..4fabd41c817 100644
--- a/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStoreTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStoreTests.java
@@ -65,7 +65,7 @@ public class FileUserRolesStoreTests extends ElasticsearchTestCase {
         Files.copy(users, Files.newOutputStream(tmp));
         Settings settings = ImmutableSettings.builder()
-                .put("watcher.interval", "2s")
+                .put("watcher.interval.high", "2s")
                 .put("shield.authc.esusers.files.users_roles", tmp.toAbsolutePath())
                 .build();
diff --git a/src/test/java/org/elasticsearch/shield/test/ShieldIntegrationTest.java b/src/test/java/org/elasticsearch/shield/test/ShieldIntegrationTest.java
index 0c6ade17c9c..1dfa2a01b9c 100644
--- a/src/test/java/org/elasticsearch/shield/test/ShieldIntegrationTest.java
+++ b/src/test/java/org/elasticsearch/shield/test/ShieldIntegrationTest.java
@@ -74,7 +74,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
                 .put("shield.transport.n2n.ip_filter.file", writeFile(folder, "ip_filter.yml", CONFIG_IPFILTER_ALLOW_ALL))
                 .put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode"))
                 .put("shield.audit.enabled", true)
-                .put(getSSLSettingsForLdap("/org/elasticsearch/shield/authc/ldap/ldaptrust.jks", "changeit"))
                 .put("plugins.load_classpath_plugins", false);
         if (OsUtils.MAC) {
@@ -152,22 +151,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
         return builder.build();
     }
-    protected Settings getSSLSettingsForLdap(String resourcePathToStore, String password) {
-        File store;
-        try {
-            store = new File(getClass().getResource(resourcePathToStore).toURI());
-            assertThat(store.exists(), is(true));
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
-
-        ImmutableSettings.Builder builder = settingsBuilder()
-                .put("shield.authc.ldap.truststore_password", password)
-                .put("shield.authc.ldap.truststore", store.getPath());
-
-        return builder.build();
-    }
-
     protected File newFolder() {
         try {
             return tmpFolder.newFolder();
diff --git a/src/test/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticatorTests.java b/src/test/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticatorTests.java
index e24594bdc2c..e1bf2397381 100644
--- a/src/test/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticatorTests.java
+++ b/src/test/java/org/elasticsearch/shield/transport/n2n/IPFilteringN2NAuthenticatorTests.java
@@ -44,7 +44,9 @@ public class IPFilteringN2NAuthenticatorTests extends ElasticsearchTestCase {
     @Rule
     public TemporaryFolder temporaryFolder = new TemporaryFolder();
-    private final Settings resourceWatcherServiceSettings = settingsBuilder().put("watcher.interval.medium", TimeValue.timeValueMillis(200)).build();
+    private final Settings resourceWatcherServiceSettings = settingsBuilder()
+            .put("watcher.interval.high", TimeValue.timeValueMillis(200))
+            .build();
     private ResourceWatcherService resourceWatcherService;
     private File configFile;