passwordfix: This removes the password clearing from the authentication service
This fixes a bug when the UsernamePasswordToken is cached in the userContext and reused after it's cleared. Original commit: elastic/x-pack-elasticsearch@9aab1d8530
This commit is contained in:
parent
da3aacf107
commit
402749e12b
|
@ -97,7 +97,6 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
@SuppressWarnings("unchecked")
|
||||
public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
|
||||
assert token != null : "cannot authenticate null tokens";
|
||||
try {
|
||||
User user = (User) message.getContext().get(USER_CTX_KEY);
|
||||
if (user != null) {
|
||||
return user;
|
||||
|
@ -117,9 +116,5 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
auditTrail.authenticationFailed(token, action, message);
|
||||
}
|
||||
throw new AuthenticationException("Unable to authenticate user for request");
|
||||
} finally {
|
||||
token.clearCredentials();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue