Make sure the "Authorization" header is copied from the rest to request the transport message
Original commit: elastic/x-pack-elasticsearch@a29c66821e
parent
6f82a56ed3
commit
6ebe1b997f
|
@ -14,6 +14,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.rest.*;
|
||||
import org.elasticsearch.shield.authc.AuthenticationService;
|
||||
import org.elasticsearch.shield.authc.AuthenticationToken;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.shield.authc.system.SystemRealm;
|
||||
import org.elasticsearch.shield.authz.AuthorizationService;
|
||||
import org.elasticsearch.shield.transport.TransportFilter;
|
||||
|
@ -43,6 +44,10 @@ public class SecurityFilter extends AbstractComponent {
|
|||
|
||||
public static class Rest extends RestFilter {
|
||||
|
||||
static {
|
||||
BaseRestHandler.addUsefulHeaders(UsernamePasswordToken.BASIC_AUTH_HEADER);
|
||||
}
|
||||
|
||||
private final SecurityFilter filter;
|
||||
|
||||
public Rest(SecurityFilter filter) {
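Review bot: Registering the header in the `static { ... }` initializer of `SecurityFilter.Rest` makes a security-relevant side effect depend on class initialization order. `BaseRestHandler.addUsefulHeaders(UsernamePasswordToken.BASIC_AUTH_HEADER)` runs only when `Rest` is first initialized, and nothing visible in this section guarantees that happens before the first REST request is handled. If that ordering is not enforced elsewhere, early requests would reach the transport layer without the `Authorization` header. Consider registering from an explicit startup path, or at least document the dependency with a comment such as `// must run before any BaseRestHandler serves a request; forwards Basic credentials to the transport request`. Because the forwarded value carries Basic credentials, it is also worth confirming that request headers are never logged or serialized over an unencrypted transport; the constructor body continues outside the hunk.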
|
||||
|
|
|
@ -21,9 +21,8 @@ import java.util.regex.Pattern;
|
|||
*/
|
||||
public class UsernamePasswordToken implements AuthenticationToken {
|
||||
|
||||
public static final String BASIC_AUTH_HEADER = "Authorization";
|
||||
private static final String TOKEN_KEY = "X-ES-UsernamePasswordToken";
|
||||
|
||||
static final String BASIC_AUTH_HEADER = "Authorization";
|
||||
private static final Pattern BASIC_AUTH_PATTERN = Pattern.compile("Basic\\s(.+)");
|
||||
|
||||
private final String username;
|
||||
|
|
|
@ -5,17 +5,21 @@
|
|||
*/
|
||||
package org.elasticsearch.shield;
|
||||
|
||||
import org.elasticsearch.action.Action;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
import org.elasticsearch.action.support.ActionFilterChain;
|
||||
import org.elasticsearch.client.AdminClient;
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.client.ClusterAdminClient;
|
||||
import org.elasticsearch.client.IndicesAdminClient;
|
||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||
import org.elasticsearch.rest.RestChannel;
|
||||
import org.elasticsearch.rest.RestController;
|
||||
import org.elasticsearch.rest.RestFilterChain;
|
||||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.rest.*;
|
||||
import org.elasticsearch.shield.authc.AuthenticationException;
|
||||
import org.elasticsearch.shield.authc.AuthenticationService;
|
||||
import org.elasticsearch.shield.authc.AuthenticationToken;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.shield.authc.system.SystemRealm;
|
||||
import org.elasticsearch.shield.authz.AuthorizationException;
|
||||
import org.elasticsearch.shield.authz.AuthorizationService;
|
||||
|
@ -26,6 +30,10 @@ import org.junit.Rule;
|
|||
import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
|
||||
|
@ -163,6 +171,36 @@ public class SecurityFilterTests extends ElasticsearchTestCase {
|
|||
rest.process(request, channel, chain);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testRestHeadersAreCopied() throws Exception {
|
||||
SecurityFilter.Rest.class.getName(); // just to make sure Rest class is loaded
|
||||
Client client = mock(Client.class);
|
||||
AdminClient adminClient = mock(AdminClient.class);
|
||||
when(client.admin()).thenReturn(adminClient);
|
||||
when(adminClient.cluster()).thenReturn(mock(ClusterAdminClient.class));
|
||||
when(adminClient.indices()).thenReturn(mock(IndicesAdminClient.class));
|
||||
final ActionRequest request = new ActionRequest() {
|
||||
@Override
|
||||
public ActionRequestValidationException validate() {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
final Action action = mock(Action.class);
|
||||
final ActionListener listener = mock(ActionListener.class);
|
||||
BaseRestHandler handler = new BaseRestHandler(ImmutableSettings.EMPTY, client) {
|
||||
@Override
|
||||
protected void handleRequest(RestRequest restRequest, RestChannel channel, Client client) throws Exception {
|
||||
client.execute(action, request, listener);
|
||||
}
|
||||
};
|
||||
RestRequest restRequest = mock(RestRequest.class);
|
||||
when(restRequest.header(UsernamePasswordToken.BASIC_AUTH_HEADER)).thenReturn("foobar");
|
||||
RestChannel channel = mock(RestChannel.class);
|
||||
handler.handleRequest(restRequest, channel);
|
||||
assertThat((String) request.getHeader(UsernamePasswordToken.BASIC_AUTH_HEADER), equalTo("foobar"));
|
||||
}
|
||||
|
||||
private static class InternalRequest extends TransportRequest {
|
||||
}
|
||||
}
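Review bot: In `testRestHeadersAreCopied`, the line `SecurityFilter.Rest.class.getName();` does not do what its comment says, because evaluating a class literal does not initialize the class and so the static block that registers the header is not triggered by it. The test therefore presumably passes only because another test in the same JVM has already initialized `Rest`, which makes it order-dependent. Force initialization explicitly, for example with `Class.forName(SecurityFilter.Rest.class.getName());`, or by constructing a `SecurityFilter.Rest` instance. A second assertion that a header which was not registered is absent from `request` would also pin down that only the intended header is forwarded.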
|
||||
|
|