diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index 63703c609f1..6cffbc48b78 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -17,6 +17,7 @@ import org.elasticsearch.action.admin.indices.create.CreateIndexRequest; import org.elasticsearch.action.search.ClearScrollAction; import org.elasticsearch.action.search.SearchScrollAction; import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.metadata.AliasOrIndex; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; @@ -30,7 +31,7 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesResolver; import org.elasticsearch.shield.authz.store.RolesStore; import org.elasticsearch.transport.TransportRequest; -import java.util.Iterator; +import java.util.Map; import java.util.Set; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -76,15 +77,11 @@ public class InternalAuthorizationService extends AbstractComponent implements A ImmutableList.Builder indicesAndAliases = ImmutableList.builder(); Predicate predicate = Predicates.or(predicates.build()); MetaData metaData = clusterService.state().metaData(); - for (String index : metaData.concreteAllIndices()) { - if (predicate.apply(index)) { - indicesAndAliases.add(index); - } - } - for (Iterator iter = metaData.getAliases().keysIt(); iter.hasNext(); ) { - String alias = iter.next(); - if (predicate.apply(alias)) { - indicesAndAliases.add(alias); + // TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles? + for (Map.Entry entry : metaData.getAliasAndIndexLookup().entrySet()) { + String aliasOrIndex = entry.getKey(); + if (predicate.apply(aliasOrIndex)) { + indicesAndAliases.add(aliasOrIndex); } } return indicesAndAliases.build(); diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java b/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java index 02dbc88324f..1ae839c3ea3 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz.indicesresolver; -import com.carrotsearch.hppc.ObjectLookupContainer; import com.google.common.collect.ImmutableList; import com.google.common.collect.Lists; import com.google.common.collect.Sets; @@ -13,6 +12,7 @@ import org.elasticsearch.action.AliasesRequest; import org.elasticsearch.action.CompositeIndicesRequest; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.support.IndicesOptions; +import org.elasticsearch.cluster.metadata.AliasOrIndex; import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.metadata.MetaData; @@ -99,9 +99,10 @@ public class DefaultIndicesResolver implements IndicesResolver private List loadAuthorizedAliases(List authorizedIndices, MetaData metaData) { List authorizedAliases = Lists.newArrayList(); - ObjectLookupContainer existingAliases = metaData.aliases().keys(); + SortedMap existingAliases = metaData.getAliasAndIndexLookup(); for (String authorizedIndex : authorizedIndices) { - if (existingAliases.contains(authorizedIndex)) { + AliasOrIndex aliasOrIndex = existingAliases.get(authorizedIndex); + if (aliasOrIndex != null && aliasOrIndex.isAlias()) { authorizedAliases.add(authorizedIndex); } }