Deguice ActionFilter (elastic/x-pack-elasticsearch#2533)

Companion PR to elastic/elasticsearch#26691

Original commit: elastic/x-pack-elasticsearch@3fceb54809

plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java

@@ -456,8 +456,8 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
     }
 
     @Override
-    public List<Class<? extends ActionFilter>> getActionFilters() {
-        List<Class<? extends ActionFilter>> filters = new ArrayList<>();
+    public List<ActionFilter> getActionFilters() {
+        List<ActionFilter> filters = new ArrayList<>();
         filters.addAll(licensing.getActionFilters());
         filters.addAll(monitoring.getActionFilters());
         filters.addAll(security.getActionFilters());

plugin/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -42,6 +42,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsFilter;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
+import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.common.xcontent.NamedXContentRegistry;
 import org.elasticsearch.common.xcontent.XContent;
 import org.elasticsearch.common.xcontent.XContentFactory;
@@ -75,8 +76,11 @@ import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.XPackSettings;
 import org.elasticsearch.xpack.extensions.XPackExtension;
 import org.elasticsearch.xpack.extensions.XPackExtensionsService;
-import org.elasticsearch.xpack.security.action.SecurityActionModule;
 import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
+import org.elasticsearch.xpack.security.action.interceptor.BulkShardRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor;
 import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheAction;
 import org.elasticsearch.xpack.security.action.realm.TransportClearRealmCacheAction;
 import org.elasticsearch.xpack.security.action.role.ClearRolesCacheAction;
@@ -228,6 +232,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
     private final SetOnce<SecurityContext> securityContext = new SetOnce<>();
     private final SetOnce<ThreadContext> threadContext = new SetOnce<>();
     private final SetOnce<TokenService> tokenService = new SetOnce<>();
+    private final SetOnce<SecurityActionFilter> securityActionFilter = new SetOnce<>();
     private final List<BootstrapCheck> bootstrapChecks;
 
     public Security(Settings settings, Environment env, XPackLicenseState licenseState, SSLService sslService)
@@ -295,7 +300,6 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
                 b.bind(AuditTrail.class).to(AuditTrailService.class); // interface used by some actions...
             }
         });
-        modules.add(new SecurityActionModule(settings));
         return modules;
     }
 
@@ -418,6 +422,19 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
         securityInterceptor.set(new SecurityServerTransportInterceptor(settings, threadPool, authcService.get(), authzService, licenseState,
                 sslService, securityContext.get(), destructiveOperations));
 
+        final Set<RequestInterceptor> requestInterceptors;
+        if (XPackSettings.DLS_FLS_ENABLED.get(settings)) {
+            requestInterceptors = Sets.newHashSet(
+                    new SearchRequestInterceptor(settings, threadPool, licenseState),
+                    new UpdateRequestInterceptor(settings, threadPool, licenseState),
+                    new BulkShardRequestInterceptor(settings, threadPool, licenseState));
+        } else {
+            requestInterceptors = Collections.emptySet();
+        }
+
+        securityActionFilter.set(new SecurityActionFilter(settings, authcService.get(), authzService, licenseState,
+                requestInterceptors, threadPool, securityContext.get(), destructiveOperations));
+
         return components;
     }
 
@@ -585,13 +602,13 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
     }
 
     @Override
-    public List<Class<? extends ActionFilter>> getActionFilters() {
+    public List<ActionFilter> getActionFilters() {
         if (enabled == false) {
             return emptyList();
         }
         // registering the security filter only for nodes
         if (transportClientMode == false) {
-            return singletonList(SecurityActionFilter.class);
+            return singletonList(securityActionFilter.get());
         }
         return emptyList();
     }

plugin/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java

@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.xpack.security.action;
-
-import org.elasticsearch.common.inject.multibindings.Multibinder;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.xpack.XPackSettings;
-import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
-import org.elasticsearch.xpack.security.action.interceptor.BulkShardRequestInterceptor;
-import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
-import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor;
-import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor;
-import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
-
-public class SecurityActionModule extends AbstractSecurityModule.Node {
-
-    public SecurityActionModule(Settings settings) {
-        super(settings);
-    }
-
-    @Override
-    protected void configureNode() {
-        // we need to ensure that there's only a single instance of the action filters
-        bind(SecurityActionFilter.class).asEagerSingleton();
-
-        Multibinder<RequestInterceptor> multibinder
-                = Multibinder.newSetBinder(binder(), RequestInterceptor.class);
-        if (XPackSettings.DLS_FLS_ENABLED.get(settings)) {
-            multibinder.addBinding().to(SearchRequestInterceptor.class);
-            multibinder.addBinding().to(UpdateRequestInterceptor.class);
-            multibinder.addBinding().to(BulkShardRequestInterceptor.class);
-        }
-    }
-}