Cleanup
- descriptive authentication messages - cleaned up a bit the `InternalAuthorizationService` Original commit: elastic/x-pack-elasticsearch@47f485f1bc
This commit is contained in:
uboness
parent
dd4a66bd6c
commit
78f3e28cb8
|
|
@ -49,11 +49,11 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
AuthenticationToken token = token(request);
|
||||
if (token == null) {
|
||||
auditTrail.anonymousAccessDenied(request);
|
||||
throw new AuthenticationException("missing authentication token");
|
||||
throw new AuthenticationException("missing authentication token for REST request [" + request.uri() + "]");
|
||||
}
|
||||
User user = authenticate(request, token);
|
||||
if (user == null) {
|
||||
throw new AuthenticationException("unable to authenticate user for request");
|
||||
throw new AuthenticationException("unable to authenticate user [" + user.principal() + "] for REST request [" + request.uri() + "]");
|
||||
}
|
||||
request.putInContext(USER_KEY, user);
|
||||
return user;
|
||||
|
|
@ -147,7 +147,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
if (token == null) {
|
||||
if (fallbackUser == null) {
|
||||
auditTrail.anonymousAccessDenied(action, message);
|
||||
throw new AuthenticationException("missing authentication token for request [" + action + "]");
|
||||
throw new AuthenticationException("missing authentication token for action [" + action + "]");
|
||||
}
|
||||
return fallbackUser;
|
||||
}
|
||||
|
|
@ -163,7 +163,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
}
|
||||
}
|
||||
auditTrail.authenticationFailed(token, action, message);
|
||||
throw new AuthenticationException("unable to authenticate user for request [" + action + "]");
|
||||
throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for action [" + action + "]");
|
||||
} finally {
|
||||
token.clearCredentials();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -208,15 +208,6 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
return roles.build();
|
||||
}
|
||||
|
||||
private AuthorizationException denial(User user, String action, TransportRequest request) {
|
||||
auditTrail.accessDenied(user, action, request);
|
||||
return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]");
|
||||
}
|
||||
|
||||
private void grant(User user, String action, TransportRequest request) {
|
||||
auditTrail.accessGranted(user, action, request);
|
||||
}
|
||||
|
||||
private Set<String> resolveIndices(User user, String action, TransportRequest request) {
|
||||
MetaData metaData = clusterService.state().metaData();
|
||||
for (IndicesResolver resolver : indicesResolvers) {
|
||||
|
|
@ -238,4 +229,14 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
action.equals(ClearScrollAction.NAME) ||
|
||||
action.equals(SearchServiceTransportAction.CLEAR_SCROLL_CONTEXTS_ACTION_NAME);
|
||||
}
|
||||
|
||||
private AuthorizationException denial(User user, String action, TransportRequest request) {
|
||||
auditTrail.accessDenied(user, action, request);
|
||||
return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]");
|
||||
}
|
||||
|
||||
private void grant(User user, String action, TransportRequest request) {
|
||||
auditTrail.accessGranted(user, action, request);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue