From 603db388d787422d764d759e67aba379081194bb Mon Sep 17 00:00:00 2001 From: javanna Date: Tue, 30 Aug 2016 15:02:13 +0200 Subject: [PATCH] Security: throw exception if we cannot extract indices from an indices request This used to be an assertion but we move it to an exception to be able to catch this at all times without requiring assertion enabled Original commit: elastic/x-pack-elasticsearch@fcb5fbe8524ba7c667a70a5e9422ba62fd9dc26a --- .../DefaultIndicesAndAliasesResolver.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java index 440ad73eab7..842f46c9e36 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java @@ -49,13 +49,10 @@ public class DefaultIndicesAndAliasesResolver implements IndicesAndAliasesResolv @Override public Set resolve(User user, String action, TransportRequest request, MetaData metaData) { - boolean isIndicesRequest = request instanceof CompositeIndicesRequest || request instanceof IndicesRequest; - assert isIndicesRequest : "Request [" + request + "] is not an Indices request, but should be."; - // if for some reason we are missing an action... just for safety we'll reject - if (!isIndicesRequest) { - return Collections.emptySet(); + if (isIndicesRequest == false) { + throw new IllegalStateException("Request [" + request + "] is not an Indices request, but should be."); } if (request instanceof CompositeIndicesRequest) { @@ -74,7 +71,7 @@ public class DefaultIndicesAndAliasesResolver implements IndicesAndAliasesResolv final Set indices; if (indicesRequest instanceof PutMappingRequest && ((PutMappingRequest) indicesRequest).getConcreteIndex() != null) { - /** + /* * This is a special case since PutMappingRequests from dynamic mapping updates have a concrete index * if this index is set and it's in the list of authorized indices we are good and don't need to put * the list of indices in there, if we do so it will result in an invalid request and the update will fail.