passwordfix: This removes the password clearing from the authentication service

This fixes a bug where the UsernamePasswordToken is cached in the userContext and reused after it has been cleared.

Original commit: elastic/x-pack-elasticsearch@9aab1d8530
c-a-m 2014-09-27 11:23:38 -06:00
parent da3aacf107
commit 402749e12b
1 changed files with 16 additions and 21 deletions


@ -97,29 +97,24 @@ public class InternalAuthenticationService extends AbstractComponent implements
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException { public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
assert token != null : "cannot authenticate null tokens"; assert token != null : "cannot authenticate null tokens";
try { User user = (User) message.getContext().get(USER_CTX_KEY);
User user = (User) message.getContext().get(USER_CTX_KEY); if (user != null) {
if (user != null) { return user;
return user; }
} for (Realm realm : realms) {
for (Realm realm : realms) { if (realm.supports(token)) {
if (realm.supports(token)) { user = realm.authenticate(token);
user = realm.authenticate(token); if (user != null) {
if (user != null) { message.putInContext(USER_CTX_KEY, user);
message.putInContext(USER_CTX_KEY, user); return user;
return user; } else if (auditTrail != null) {
} else if (auditTrail != null) { auditTrail.authenticationFailed(realm.type(), token, action, message);
auditTrail.authenticationFailed(realm.type(), token, action, message);
}
} }
} }
if (auditTrail != null) {
auditTrail.authenticationFailed(token, action, message);
}
throw new AuthenticationException("Unable to authenticate user for request");
} finally {
token.clearCredentials();
} }
if (auditTrail != null) {
auditTrail.authenticationFailed(token, action, message);
}
throw new AuthenticationException("Unable to authenticate user for request");
} }
} }
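Review bot: Nothing in the new body of authenticate() clears the token's credentials on any exit path (the early return of the cached user, a successful realm match, or the final `throw new AuthenticationException(...)`), so the secret now stays in memory for as long as the token is referenced. Whether another component clears it once the request completes is not visible in this hunk, so the ownership should be written down where the clearing used to happen. I would add a Javadoc sentence on the method such as `Does not clear the token: it may be cached in the message context and reused, so the token's owner must call clearCredentials() once the request has finished.` A test that authenticates twice with the same cached token would also pin the behaviour this commit relies on.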