Merge branch 'master' into feature/shield-ui

Original commit: elastic/x-pack-elasticsearch@2b65f74b82
2025-03-09 14:34:43 +00:00 · 2016-04-25 09:13:14 -07:00 · 2016-04-25 09:13:14 -07:00 · 562b80c47e
commit 562b80c47e
parent 064a1eb961 91242f3a98
2 changed files with 17 additions and 0 deletions
--- a/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
+++ b/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
@ -15,6 +15,7 @@ integTest {
  dependsOn copyMonitoringRestTests

  cluster {
+    systemProperty 'es.logger.level', 'TRACE'
    plugin 'x-pack', project(':x-plugins:elasticsearch:x-pack')
    setting 'xpack.monitoring.agent.interval', '3s'
    extraConfigFile 'x-pack/roles.yml', 'roles.yml'
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
@ -131,4 +131,20 @@ public class ReservedRealmTests extends ESTestCase {

        assertThat(ReservedRealm.users(), containsInAnyOrder((User) XPackUser.INSTANCE, KibanaUser.INSTANCE));
    }
+
+    public void testFailedAuthentication() {
+        final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore);
+        // maybe cache a successful auth
+        if (randomBoolean()) {
+            User user = reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("changeme".toCharArray())));
+            assertThat(user, sameInstance(XPackUser.INSTANCE));
+        }
+
+        try {
+            reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("foobar".toCharArray())));
+            fail("authentication should throw an exception otherwise we may allow others to impersonate reserved users...");
+        } catch (ElasticsearchSecurityException e) {
+            assertThat(e.getMessage(), containsString("failed to authenticate"));
+        }
+    }
 }