Only log LDAP errors if authentication failed overall (elastic/x-pack-elasticsearch#960)

Changes the logging of LDAP authentication failures from "always" to "only if the user failed to be authenticated"

Previously there were cases (such as having 2 AD realms) where successful user authentication would still cause an INFO message to be written to the log for every request.
Now that message is suppressed, but a WARN message is added _if-and-only-if_ the user cannot be authenticated by any realm.

This is implemented via a new value stored in the ThreadContext that the AuthenticationService chooses to log (or not log) depending on the result of the authenticate process.
  
Closes: elastic/x-pack-elasticsearch#887

Original commit: elastic/x-pack-elasticsearch@b81b363729
Tim Vernum 2017-04-11 09:37:21 +10:00 committed by GitHub
parent 43f1fb2bb1
commit 8840042751
28 changed files with 325 additions and 239 deletions


@ -299,7 +299,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
securityLifecycleService);
final AnonymousUser anonymousUser = new AnonymousUser(settings);
final ReservedRealm reservedRealm = new ReservedRealm(env, settings, nativeUsersStore,
anonymousUser, securityLifecycleService);
anonymousUser, securityLifecycleService, threadPool.getThreadContext());
Map<String, Realm.Factory> realmFactories = new HashMap<>();
realmFactories.putAll(InternalRealms.getFactories(threadPool, resourceWatcherService, sslService, nativeUsersStore));
for (XPackExtension extension : extensions) {
@ -311,7 +311,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
}
}
}
final Realms realms = new Realms(settings, env, realmFactories, licenseState, reservedRealm);
final Realms realms = new Realms(settings, env, realmFactories, licenseState, threadPool.getThreadContext(), reservedRealm);
components.add(nativeUsersStore);
components.add(realms);
components.add(reservedRealm);


@ -11,6 +11,7 @@ import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
@ -24,12 +25,12 @@ import org.elasticsearch.xpack.common.IteratingActionListener;
import org.elasticsearch.xpack.security.audit.AuditTrail;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.user.AnonymousUser;
import org.elasticsearch.xpack.security.user.User;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
@ -315,6 +316,12 @@ public class AuthenticationService extends AbstractComponent {
*/
private void consumeUser(User user) {
if (user == null) {
final Map<Realm, Tuple<String, Exception>> failureDetails = Realm.getAuthenticationFailureDetails(threadContext);
failureDetails.forEach((realm, tuple) -> {
final String message = tuple.v1();
final String cause = tuple.v2() == null ? "" : " (Caused by " + tuple.v2() + ")";
logger.warn("Authentication to realm {} failed - {}{}", realm.name(), message, cause);
});
listener.onFailure(request.authenticationFailed(authenticationToken));
} else {
if (runAsEnabled) {
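Review bot: The new `logger.warn` in `consumeUser` names the realm and the failure message but not the principal that failed, whereas the INFO line this commit removes from LdapRealm (`{} failed for user [{}]: {}`) did include it. When several requests fail at once, the WARN lines cannot be tied to an account from the server log alone, which weakens triage of repeated failed logins against a realm. `authenticationToken` is already in scope here, so consider `logger.warn("Authentication of [{}] to realm {} failed - {}{}", authenticationToken.principal(), realm.name(), message, cause);`, with a guard if the token can be null at this point. The cause is rendered through the exception's `toString()`, which for directory errors may carry server-supplied text, so it is worth confirming that nothing sensitive reaches the log at WARN level. `consumeUser` continues past the end of this hunk.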


@ -7,10 +7,14 @@ package org.elasticsearch.xpack.security.authc;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.user.User;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
@ -20,6 +24,8 @@ import java.util.Map;
*/
public abstract class Realm implements Comparable<Realm> {
private static final String AUTHENTICATION_FAILURES_KEY = "_xpack_security_auth_failures";
protected final Logger logger;
protected final String type;
protected RealmConfig config;
@ -114,4 +120,30 @@ public abstract class Realm implements Comparable<Realm> {
*/
Realm create(RealmConfig config) throws Exception;
}
/**
* Provides a mechanism for a realm to report errors that were handled within a realm, but may
* provide useful diagnostics about why authentication failed.
*/
protected final void setFailedAuthenticationDetails(String message, @Nullable Exception cause) {
final ThreadContext threadContext = config.threadContext();
Map<Realm, Tuple<String, Exception>> failures = threadContext.getTransient(AUTHENTICATION_FAILURES_KEY);
if (failures == null) {
failures = new LinkedHashMap<>();
threadContext.putTransient(AUTHENTICATION_FAILURES_KEY, failures);
}
failures.put(this, new Tuple<>(message, cause));
}
/**
* Retrieves any authentication failures messages that were set using {@link #setFailedAuthenticationDetails(String, Exception)}
*/
static Map<Realm, Tuple<String, Exception>> getAuthenticationFailureDetails(ThreadContext threadContext) {
final Map<Realm, Tuple<String, Exception>> failures = threadContext.getTransient(AUTHENTICATION_FAILURES_KEY);
if (failures == null) {
return Collections.emptyMap();
}
return failures;
}
}
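Review bot: `getAuthenticationFailureDetails` returns the live `LinkedHashMap` that `setFailedAuthenticationDetails` keeps writing to, so any caller can alter or clear the recorded failures, and iterating it is unsafe if a realm reports a failure from another thread at the same moment. Returning a read-only view, `return Collections.unmodifiableMap(failures);`, keeps the record writable only from the realm side; whether concurrent writes can actually occur depends on how realms complete their listeners, which is not visible here. The map is keyed by the `Realm` itself, so a realm that reports twice during one request keeps only its last message, and a sentence in the Javadoc saying so would help. The imported `org.elasticsearch.common.inject.internal.Nullable` also differs from the `org.elasticsearch.common.Nullable` that AuthenticationService imports.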


@ -8,6 +8,7 @@ package org.elasticsearch.xpack.security.authc;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
public class RealmConfig {
@ -19,18 +20,22 @@ public class RealmConfig {
private final Environment env;
private final Settings globalSettings;
private final ThreadContext threadContext;
public RealmConfig(String name, Settings settings, Settings globalSettings) {
this(name, settings, globalSettings, new Environment(globalSettings));
public RealmConfig(String name, Settings settings, Settings globalSettings,
ThreadContext threadContext) {
this(name, settings, globalSettings, new Environment(globalSettings), threadContext);
}
public RealmConfig(String name, Settings settings, Settings globalSettings, Environment env) {
public RealmConfig(String name, Settings settings, Settings globalSettings, Environment env,
ThreadContext threadContext) {
this.name = name;
this.settings = settings;
this.globalSettings = globalSettings;
this.env = env;
enabled = RealmSettings.ENABLED_SETTING.get(settings);
order = RealmSettings.ORDER_SETTING.get(settings);
this.threadContext = threadContext;
}
public String name() {
@ -60,4 +65,8 @@ public class RealmConfig {
public Environment env() {
return env;
}
public ThreadContext threadContext() {
return threadContext;
}
}


@ -19,6 +19,7 @@ import java.util.Set;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.license.XPackLicenseState.AllowedRealmType;
@ -35,6 +36,7 @@ public class Realms extends AbstractComponent implements Iterable<Realm> {
private final Environment env;
private final Map<String, Realm.Factory> factories;
private final XPackLicenseState licenseState;
private final ThreadContext threadContext;
private final ReservedRealm reservedRealm;
protected List<Realm> realms = Collections.emptyList();
@ -44,11 +46,12 @@ public class Realms extends AbstractComponent implements Iterable<Realm> {
List<Realm> nativeRealmsOnly = Collections.emptyList();
public Realms(Settings settings, Environment env, Map<String, Realm.Factory> factories, XPackLicenseState licenseState,
ReservedRealm reservedRealm) throws Exception {
ThreadContext threadContext, ReservedRealm reservedRealm) throws Exception {
super(settings);
this.env = env;
this.factories = factories;
this.licenseState = licenseState;
this.threadContext = threadContext;
this.reservedRealm = reservedRealm;
assert factories.get(ReservedRealm.TYPE) == null;
this.realms = initRealms();
@ -145,7 +148,7 @@ public class Realms extends AbstractComponent implements Iterable<Realm> {
if (factory == null) {
throw new IllegalArgumentException("unknown realm type [" + type + "] set for realm [" + name + "]");
}
RealmConfig config = new RealmConfig(name, realmSettings, settings, env);
RealmConfig config = new RealmConfig(name, realmSettings, settings, env, threadContext);
if (!config.enabled()) {
if (logger.isDebugEnabled()) {
logger.debug("realm [{}/{}] is disabled", type, name);
@ -221,11 +224,11 @@ public class Realms extends AbstractComponent implements Iterable<Realm> {
Realm.Factory fileRealm = factories.get(FileRealm.TYPE);
if (fileRealm != null) {
realms.add(fileRealm.create(new RealmConfig("default_" + FileRealm.TYPE, Settings.EMPTY, settings, env)));
realms.add(fileRealm.create(new RealmConfig("default_" + FileRealm.TYPE, Settings.EMPTY, settings, env, threadContext)));
}
Realm.Factory indexRealmFactory = factories.get(NativeRealm.TYPE);
if (indexRealmFactory != null) {
realms.add(indexRealmFactory.create(new RealmConfig("default_" + NativeRealm.TYPE, Settings.EMPTY, settings, env)));
realms.add(indexRealmFactory.create(new RealmConfig("default_" + NativeRealm.TYPE, Settings.EMPTY, settings, env, threadContext)));
}
}


@ -11,6 +11,7 @@ import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.Security;
@ -60,8 +61,8 @@ public class ReservedRealm extends CachingUsernamePasswordRealm {
private final SecurityLifecycleService securityLifecycleService;
public ReservedRealm(Environment env, Settings settings, NativeUsersStore nativeUsersStore, AnonymousUser anonymousUser,
SecurityLifecycleService securityLifecycleService) {
super(TYPE, new RealmConfig(TYPE, Settings.EMPTY, settings, env));
SecurityLifecycleService securityLifecycleService, ThreadContext threadContext) {
super(TYPE, new RealmConfig(TYPE, Settings.EMPTY, settings, env, threadContext));
this.nativeUsersStore = nativeUsersStore;
this.realmEnabled = XPackSettings.RESERVED_REALM_ENABLED_SETTING.get(settings);
this.anonymousUser = anonymousUser;


@ -9,6 +9,7 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import com.unboundid.ldap.sdk.LDAPException;
import org.apache.logging.log4j.Logger;
@ -16,19 +17,21 @@ import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.lucene.util.IOUtils;
import org.elasticsearch.ElasticsearchTimeoutException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.ContextPreservingActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPool.Names;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.RealmSettings;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapLoadBalancing;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.RealmSettings;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
@ -76,7 +79,7 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
final boolean hasSearchSettings = LdapUserSearchSessionFactory.hasUserSearchSettings(config);
final boolean hasTemplates = LdapSessionFactory.USER_DN_TEMPLATES_SETTING.exists(config.settings());
if (hasSearchSettings == false) {
if(hasTemplates == false) {
if (hasTemplates == false) {
throw new IllegalArgumentException("settings were not found for either user search [" +
RealmSettings.getFullSettingKey(config, LdapUserSearchSessionFactory.SEARCH_PREFIX) +
"] or user template [" +
@ -130,7 +133,7 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
// network threads stuck waiting for a socket to connect. After the bind, then all interaction with LDAP should be async
final CancellableLdapRunnable cancellableLdapRunnable = new CancellableLdapRunnable(listener,
() -> sessionFactory.session(token.principal(), token.credentials(),
new LdapSessionActionListener("authenticate", token.principal(), listener, roleMapper, logger)), logger);
contextPreservingListener(new LdapSessionActionListener("authenticate", token.principal(), listener))), logger);
threadPool.generic().execute(cancellableLdapRunnable);
threadPool.schedule(executionTimeout, Names.SAME, cancellableLdapRunnable::maybeTimeout);
}
@ -142,7 +145,7 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
// network threads stuck waiting for a socket to connect. After the bind, then all interaction with LDAP should be async
final CancellableLdapRunnable cancellableLdapRunnable = new CancellableLdapRunnable(listener,
() -> sessionFactory.unauthenticatedSession(username,
new LdapSessionActionListener("lookup", username, listener, roleMapper, logger)), logger);
contextPreservingListener(new LdapSessionActionListener("lookup", username, listener))), logger);
threadPool.generic().execute(cancellableLdapRunnable);
threadPool.schedule(executionTimeout, Names.SAME, cancellableLdapRunnable::maybeTimeout);
} else {
@ -150,6 +153,18 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
}
}
/**
* Wraps the provided <code>sessionListener</code> to preserve the {@link ThreadContext} associated with the
* current thread.
* Responses headers are not preserved, as they are not needed. Response output should not yet exist, nor should
* any be produced within the realm/ldap-session.
*/
private ContextPreservingActionListener<LdapSession> contextPreservingListener(LdapSessionActionListener sessionListener) {
final Supplier<ThreadContext.StoredContext> toRestore = config.threadContext().newRestorableContext(false);
return new ContextPreservingActionListener<>(toRestore,
sessionListener);
}
@Override
public Map<String, Object> usageStats() {
Map<String, Object> usage = super.usageStats();
@ -193,22 +208,17 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
* cases where the session is null or where an exception may be caught after a session has been established, which requires the
* closing of the session.
*/
private static class LdapSessionActionListener implements ActionListener<LdapSession> {
private class LdapSessionActionListener implements ActionListener<LdapSession> {
private final AtomicReference<LdapSession> ldapSessionAtomicReference = new AtomicReference<>();
private String action;
private Logger logger;
private final String username;
private final ActionListener<User> userActionListener;
private final DnRoleMapper roleMapper;
LdapSessionActionListener(String action, String username, ActionListener<User> userActionListener,
DnRoleMapper roleMapper, Logger logger) {
LdapSessionActionListener(String action, String username, ActionListener<User> userActionListener) {
this.action = action;
this.username = username;
this.userActionListener = userActionListener;
this.roleMapper = roleMapper;
this.logger = logger;
}
@Override
@ -226,10 +236,10 @@ public final class LdapRealm extends CachingUsernamePasswordRealm {
if (ldapSessionAtomicReference.get() != null) {
IOUtils.closeWhileHandlingException(ldapSessionAtomicReference.get());
}
logger.info("{} failed for user [{}]: {}", action, username, e.getMessage());
if (logger.isDebugEnabled()) {
logger.debug(new ParameterizedMessage("{} failed", action), e);
logger.debug(new ParameterizedMessage("Exception occurred during {} for {}", action, LdapRealm.this), e);
}
setFailedAuthenticationDetails(action + " failed", e);
userActionListener.onResponse(null);
}


@ -13,6 +13,7 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.SecurityLifecycleService;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
@ -76,7 +77,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
when(securityLifecycleService.securityIndexAvailable()).thenReturn(true);
AnonymousUser anonymousUser = new AnonymousUser(settings);
ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser, securityLifecycleService);
new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser, securityLifecycleService, new ThreadContext(Settings.EMPTY));
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
x -> null, null);
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
@ -148,7 +149,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
ReservedRealmTests.mockGetAllReservedUserInfo(usersStore, Collections.emptyMap());
ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings), securityLifecycleService);
new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings), securityLifecycleService, new ThreadContext(Settings.EMPTY));
PlainActionFuture<Collection<User>> userFuture = new PlainActionFuture<>();
reservedRealm.users(userFuture);
final Collection<User> allReservedUsers = userFuture.actionGet();
@ -191,8 +192,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
SecurityLifecycleService securityLifecycleService = mock(SecurityLifecycleService.class);
when(securityLifecycleService.securityIndexAvailable()).thenReturn(true);
ReservedRealmTests.mockGetAllReservedUserInfo(usersStore, Collections.emptyMap());
ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings), securityLifecycleService);
ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings),
securityLifecycleService, new ThreadContext(Settings.EMPTY));
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
x -> null, null);
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),


@ -12,6 +12,7 @@ import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.SecurityLifecycleService;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
@ -119,7 +120,7 @@ public class TransportPutUserActionTests extends ESTestCase {
ReservedRealmTests.mockGetAllReservedUserInfo(usersStore, Collections.emptyMap());
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
ReservedRealm reservedRealm = new ReservedRealm(new Environment(settings), settings, usersStore,
new AnonymousUser(settings), securityLifecycleService);
new AnonymousUser(settings), securityLifecycleService, new ThreadContext(settings));
PlainActionFuture<Collection<User>> userFuture = new PlainActionFuture<>();
reservedRealm.users(userFuture);
final User reserved = randomFrom(userFuture.actionGet().toArray(new User[0]));


@ -11,7 +11,6 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.lucene.util.SetOnce;
import org.elasticsearch.ElasticsearchException;
@ -84,6 +83,8 @@ public class AuthenticationServiceTests extends ESTestCase {
token = mock(AuthenticationToken.class);
message = new InternalMessage();
restRequest = new FakeRestRequest();
threadContext = new ThreadContext(Settings.EMPTY);
firstRealm = mock(Realm.class);
when(firstRealm.type()).thenReturn("file");
when(firstRealm.name()).thenReturn("file_realm");
@ -97,12 +98,11 @@ public class AuthenticationServiceTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.allowedRealmType()).thenReturn(XPackLicenseState.AllowedRealmType.ALL);
when(licenseState.isAuthAllowed()).thenReturn(true);
realms = new TestRealms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(),
licenseState, mock(ReservedRealm.class), Arrays.asList(firstRealm, secondRealm), Collections.singletonList(firstRealm));
realms = new TestRealms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), licenseState,
threadContext, mock(ReservedRealm.class), Arrays.asList(firstRealm, secondRealm), Collections.singletonList(firstRealm));
auditTrail = mock(AuditTrailService.class);
threadPool = mock(ThreadPool.class);
threadContext = new ThreadContext(Settings.EMPTY);
when(threadPool.getThreadContext()).thenReturn(threadContext);
service = new AuthenticationService(settings, realms, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings));
@ -805,8 +805,9 @@ public class AuthenticationServiceTests extends ESTestCase {
static class TestRealms extends Realms {
TestRealms(Settings settings, Environment env, Map<String, Factory> factories, XPackLicenseState licenseState,
ReservedRealm reservedRealm, List<Realm> realms, List<Realm> internalRealms) throws Exception {
super(settings, env, factories, licenseState, reservedRealm);
ThreadContext threadContext, ReservedRealm reservedRealm, List<Realm> realms, List<Realm> internalRealms)
throws Exception {
super(settings, env, factories, licenseState, threadContext, reservedRealm);
this.realms = realms;
this.internalRealmsOnly = internalRealms;
}


@ -40,6 +40,7 @@ import static org.mockito.Mockito.when;
public class RealmsTests extends ESTestCase {
private Map<String, Realm.Factory> factories;
private XPackLicenseState licenseState;
private ThreadContext threadContext;
private ReservedRealm reservedRealm;
@Before
@ -52,6 +53,7 @@ public class RealmsTests extends ESTestCase {
factories.put(name, config -> new DummyRealm(name, config));
}
licenseState = mock(XPackLicenseState.class);
threadContext = new ThreadContext(Settings.EMPTY);
reservedRealm = mock(ReservedRealm.class);
when(licenseState.isAuthAllowed()).thenReturn(true);
when(licenseState.allowedRealmType()).thenReturn(AllowedRealmType.ALL);
@ -74,7 +76,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm);
Iterator<Realm> iterator = realms.iterator();
assertThat(iterator.hasNext(), is(true));
@ -102,7 +104,7 @@ public class RealmsTests extends ESTestCase {
.build();
Environment env = new Environment(settings);
try {
new Realms(settings, env, factories, licenseState, reservedRealm);
new Realms(settings, env, factories, licenseState, threadContext, reservedRealm);
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("multiple [file] realms are configured"));
@ -111,7 +113,7 @@ public class RealmsTests extends ESTestCase {
public void testWithEmptySettings() throws Exception {
Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()),
factories, licenseState, reservedRealm);
factories, licenseState, threadContext, reservedRealm);
Iterator<Realm> iter = realms.iterator();
assertThat(iter.hasNext(), is(true));
Realm realm = iter.next();
@ -143,7 +145,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm);
// this is the iterator when licensed
Iterator<Realm> iter = realms.iterator();
@ -204,7 +206,7 @@ public class RealmsTests extends ESTestCase {
.put("xpack.security.authc.realms.custom.order", "1");
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm );
Iterator<Realm> iter = realms.iterator();
assertThat(iter.hasNext(), is(true));
Realm realm = iter.next();
@ -260,7 +262,7 @@ public class RealmsTests extends ESTestCase {
.put("xpack.security.authc.realms.native.order", "1");
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm );
Iterator<Realm> iter = realms.iterator();
assertThat(iter.hasNext(), is(true));
Realm realm = iter.next();
@ -305,7 +307,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm );
Iterator<Realm> iterator = realms.iterator();
Realm realm = iterator.next();
assertThat(realm, is(reservedRealm));
@ -342,7 +344,7 @@ public class RealmsTests extends ESTestCase {
.put("xpack.security.authc.realms.realm_1.order", 0)
.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm );
assertThat(realms.iterator().hasNext(), is(true));
@ -360,7 +362,7 @@ public class RealmsTests extends ESTestCase {
.put("xpack.security.authc.realms.bar.order", "1");
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm);
Realms realms = new Realms(settings, env, factories, licenseState, threadContext, reservedRealm );
Map<String, Object> usageStats = realms.usageStats();
assertThat(usageStats.size(), is(factories.size()));


@ -10,6 +10,7 @@ import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.SecurityLifecycleService;
@ -75,7 +76,7 @@ public class ReservedRealmTests extends ESTestCase {
when(securityLifecycleService.checkSecurityMappingVersion(any())).thenReturn(false);
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
final String principal = randomFrom(ElasticUser.NAME, KibanaUser.NAME, LogstashSystemUser.NAME);
PlainActionFuture<User> future = new PlainActionFuture<>();
@ -97,7 +98,7 @@ public class ReservedRealmTests extends ESTestCase {
}
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
PlainActionFuture<User> listener = new PlainActionFuture<>();
reservedRealm.doAuthenticate(new UsernamePasswordToken(principal, DEFAULT_PASSWORD), listener);
@ -119,7 +120,8 @@ public class ReservedRealmTests extends ESTestCase {
final Environment environment = mock(Environment.class);
final AnonymousUser anonymousUser = new AnonymousUser(Settings.EMPTY);
final Settings settings = Settings.builder().put(ACCEPT_DEFAULT_PASSWORDS, false).build();
final ReservedRealm reservedRealm = new ReservedRealm(environment, settings, usersStore, anonymousUser, securityLifecycleService);
final ReservedRealm reservedRealm = new ReservedRealm(environment, settings, usersStore, anonymousUser,
securityLifecycleService, new ThreadContext(Settings.EMPTY));
final ActionListener<User> listener = new ActionListener<User>() {
@Override
@ -144,7 +146,7 @@ public class ReservedRealmTests extends ESTestCase {
}
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore,
new AnonymousUser(settings), securityLifecycleService);
new AnonymousUser(settings), securityLifecycleService, new ThreadContext(Settings.EMPTY));
final User expected = randomFrom(new ElasticUser(true), new KibanaUser(true), new LogstashSystemUser(true));
final String principal = expected.principal();
@ -166,7 +168,7 @@ public class ReservedRealmTests extends ESTestCase {
private void verifySuccessfulAuthentication(boolean enabled) {
final Settings settings = Settings.builder().put(ACCEPT_DEFAULT_PASSWORDS, randomBoolean()).build();
final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore,
new AnonymousUser(settings), securityLifecycleService);
new AnonymousUser(settings), securityLifecycleService, new ThreadContext(Settings.EMPTY));
final User expectedUser = randomFrom(new ElasticUser(enabled), new KibanaUser(enabled), new LogstashSystemUser(enabled));
final String principal = expectedUser.principal();
final SecuredString newPassword = new SecuredString("foobar".toCharArray());
@ -208,7 +210,7 @@ public class ReservedRealmTests extends ESTestCase {
public void testLookup() throws Exception {
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
final User expectedUser = randomFrom(new ElasticUser(true), new KibanaUser(true), new LogstashSystemUser(true));
final String principal = expectedUser.principal();
@ -232,7 +234,8 @@ public class ReservedRealmTests extends ESTestCase {
public void testLookupDisabled() throws Exception {
Settings settings = Settings.builder().put(XPackSettings.RESERVED_REALM_ENABLED_SETTING.getKey(), false).build();
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings), securityLifecycleService);
new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings),
securityLifecycleService, new ThreadContext(Settings.EMPTY));
final User expectedUser = randomFrom(new ElasticUser(true), new KibanaUser(true), new LogstashSystemUser(true));
final String principal = expectedUser.principal();
@ -246,7 +249,7 @@ public class ReservedRealmTests extends ESTestCase {
public void testLookupThrows() throws Exception {
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
final User expectedUser = randomFrom(new ElasticUser(true), new KibanaUser(true), new LogstashSystemUser(true));
final String principal = expectedUser.principal();
when(securityLifecycleService.securityIndexExists()).thenReturn(true);
@ -292,9 +295,8 @@ public class ReservedRealmTests extends ESTestCase {
}
public void testGetUsers() {
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
PlainActionFuture<Collection<User>> userFuture = new PlainActionFuture<>();
reservedRealm.users(userFuture);
assertThat(userFuture.actionGet(), containsInAnyOrder(new ElasticUser(true), new KibanaUser(true),
@ -308,8 +310,8 @@ public class ReservedRealmTests extends ESTestCase {
.put(AnonymousUser.ROLES_SETTING.getKey(), anonymousEnabled ? "user" : "")
.build();
final AnonymousUser anonymousUser = new AnonymousUser(settings);
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser, securityLifecycleService);
final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser,
securityLifecycleService, new ThreadContext(Settings.EMPTY));
PlainActionFuture<Collection<User>> userFuture = new PlainActionFuture<>();
reservedRealm.users(userFuture);
if (anonymousEnabled) {
@ -320,9 +322,8 @@ public class ReservedRealmTests extends ESTestCase {
}
public void testFailedAuthentication() {
final ReservedRealm reservedRealm =
new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService);
final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
new AnonymousUser(Settings.EMPTY), securityLifecycleService, new ThreadContext(Settings.EMPTY));
// maybe cache a successful auth
if (randomBoolean()) {
PlainActionFuture<User> future = new PlainActionFuture<>();


@ -8,6 +8,7 @@ package org.elasticsearch.xpack.security.authc.file;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
@ -49,7 +50,7 @@ public class FileRealmTests extends ESTestCase {
public void testAuthenticate() throws Exception {
when(userPasswdStore.verifyPassword("user1", SecuredStringTests.build("test123"))).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
PlainActionFuture<User> future = new PlainActionFuture<>();
realm.authenticate(new UsernamePasswordToken("user1", SecuredStringTests.build("test123")), future);
@ -65,7 +66,7 @@ public class FileRealmTests extends ESTestCase {
Settings settings = Settings.builder()
.put("cache.hash_algo", Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT))
.build();
RealmConfig config = new RealmConfig("file-test", settings, globalSettings);
RealmConfig config = new RealmConfig("file-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
when(userPasswdStore.verifyPassword("user1", SecuredStringTests.build("test123"))).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"});
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
@ -79,7 +80,7 @@ public class FileRealmTests extends ESTestCase {
}
public void testAuthenticateCachingRefresh() throws Exception {
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
userPasswdStore = spy(new UserPasswdStore(config));
userRolesStore = spy(new UserRolesStore(config));
doReturn(true).when(userPasswdStore).verifyPassword("user1", SecuredStringTests.build("test123"));
@ -117,7 +118,7 @@ public class FileRealmTests extends ESTestCase {
}
public void testToken() throws Exception {
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
when(userPasswdStore.verifyPassword("user1", SecuredStringTests.build("test123"))).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"});
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
@ -135,7 +136,7 @@ public class FileRealmTests extends ESTestCase {
public void testLookup() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
PlainActionFuture<User> future = new PlainActionFuture<>();
@ -152,7 +153,7 @@ public class FileRealmTests extends ESTestCase {
public void testLookupCaching() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
PlainActionFuture<User> future = new PlainActionFuture<>();
@ -167,7 +168,7 @@ public class FileRealmTests extends ESTestCase {
}
public void testLookupCachingWithRefresh() throws Exception {
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("file-test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
userPasswdStore = spy(new UserPasswdStore(config));
userRolesStore = spy(new UserRolesStore(config));
doReturn(true).when(userPasswdStore).userExists("user1");
@ -213,7 +214,7 @@ public class FileRealmTests extends ESTestCase {
int order = randomIntBetween(0, 10);
settings.put("order", order);
RealmConfig config = new RealmConfig("file-realm", settings.build(), globalSettings);
RealmConfig config = new RealmConfig("file-realm", settings.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore);
Map<String, Object> usage = realm.usageStats();
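Review bot: The same five-argument `RealmConfig` construction is now repeated in every hunk of this file, each allocating its own `Environment` and `ThreadContext`, and the new lines run to about 150 characters before indentation. A private helper would keep the tests readable and leave one place to update when the constructor changes again: `private RealmConfig realmConfig(String name, Settings settings) { return new RealmConfig(name, settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)); }`. The test methods continue outside the hunks, so this assumes nothing later in them needs the context instance itself.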


@ -71,7 +71,7 @@ public class FileUserPasswdStoreTests extends ESTestCase {
Files.write(file, Collections.singletonList("aldlfkjldjdflkjd"), StandardCharsets.UTF_16);
Settings fileSettings = randomBoolean() ? Settings.EMPTY : Settings.builder().put("files.users", file.toAbsolutePath()).build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, threadPool.getThreadContext());
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
FileUserPasswdStore store = new FileUserPasswdStore(config, watcherService);
assertThat(store.usersCount(), is(0));
@ -85,7 +85,7 @@ public class FileUserPasswdStoreTests extends ESTestCase {
Files.copy(users, file, StandardCopyOption.REPLACE_EXISTING);
Settings fileSettings = randomBoolean() ? Settings.EMPTY : Settings.builder().put("files.users", file.toAbsolutePath()).build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, threadPool.getThreadContext());
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1);
@ -120,7 +120,7 @@ public class FileUserPasswdStoreTests extends ESTestCase {
.put("files.users", testUsers.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, threadPool.getThreadContext());
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1);


@ -9,6 +9,7 @@ import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
@ -76,7 +77,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
.put("files.users_roles", file.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, new ThreadContext(Settings.EMPTY));
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
FileUserRolesStore store = new FileUserRolesStore(config, watcherService);
assertThat(store.entriesCount(), is(0));
@ -91,7 +92,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
.put("files.users_roles", tmp.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, new ThreadContext(Settings.EMPTY));
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1);
@ -129,7 +130,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
.put("files.users_roles", tmp.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, new ThreadContext(Settings.EMPTY));
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1);
@ -220,7 +221,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
.build();
Environment env = new Environment(settings);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env);
RealmConfig config = new RealmConfig("file-test", fileSettings, settings, env, new ThreadContext(Settings.EMPTY));
ResourceWatcherService watcherService = new ResourceWatcherService(settings, threadPool);
FileUserRolesStore store = new FileUserRolesStore(config, watcherService);
assertThat(store.roles("user"), equalTo(Strings.EMPTY_ARRAY));
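Review bot: The four `RealmConfig` calls in this file pass `new ThreadContext(Settings.EMPTY)` although a `threadPool` is in scope (it is handed to `ResourceWatcherService` on the following line), so the config carries a context unrelated to that pool. The production wiring in `Security` takes the context from `threadPool.getThreadContext()`, and `FileUserPasswdStoreTests` in this same commit does too. Using `new RealmConfig("file-test", fileSettings, settings, env, threadPool.getThreadContext());` here would keep the two store tests consistent. As far as the visible hunks show, it would also make the newly added `ThreadContext` import unnecessary.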


@ -16,6 +16,7 @@ import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.authc.RealmConfig;
@ -130,7 +131,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
public void testAuthenticateUserPrincipleName() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateUserPrincipleName", settings, globalSettings);
RealmConfig config = new RealmConfig("testAuthenticateUserPrincipleName", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -144,7 +145,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
public void testAuthenticateSAMAccountName() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateSAMAccountName", settings, globalSettings);
RealmConfig config = new RealmConfig("testAuthenticateSAMAccountName", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -168,7 +169,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
public void testAuthenticateCachesSuccesfulAuthentications() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateCachesSuccesfulAuthentications", settings, globalSettings);
RealmConfig config = new RealmConfig("testAuthenticateCachesSuccesfulAuthentications", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = spy(new ActiveDirectorySessionFactory(config, sslService));
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -186,7 +187,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
public void testAuthenticateCachingCanBeDisabled() throws Exception {
Settings settings = settings(Settings.builder().put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), -1).build());
RealmConfig config = new RealmConfig("testAuthenticateCachingCanBeDisabled", settings, globalSettings);
RealmConfig config = new RealmConfig("testAuthenticateCachingCanBeDisabled", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = spy(new ActiveDirectorySessionFactory(config, sslService));
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -204,7 +205,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
public void testAuthenticateCachingClearsCacheOnRoleMapperRefresh() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateCachingClearsCacheOnRoleMapperRefresh", settings, globalSettings);
RealmConfig config = new RealmConfig("testAuthenticateCachingClearsCacheOnRoleMapperRefresh", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = spy(new ActiveDirectorySessionFactory(config, sslService));
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -235,7 +236,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
Settings settings = settings(Settings.builder()
.put(ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml"))
.build());
RealmConfig config = new RealmConfig("testRealmMapsGroupsToRoles", settings, globalSettings);
RealmConfig config = new RealmConfig("testRealmMapsGroupsToRoles", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -251,7 +252,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
Settings settings = settings(Settings.builder()
.put(ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml"))
.build());
RealmConfig config = new RealmConfig("testRealmMapsGroupsToRoles", settings, globalSettings);
RealmConfig config = new RealmConfig("testRealmMapsGroupsToRoles", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
@ -269,7 +270,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
.put(ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml"))
.put("load_balance.type", loadBalanceType)
.build());
RealmConfig config = new RealmConfig("testRealmUsageStats", settings, globalSettings);
RealmConfig config = new RealmConfig("testRealmUsageStats", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
DnRoleMapper roleMapper = new DnRoleMapper(LdapRealm.AD_TYPE, config, resourceWatcherService);
LdapRealm realm = new LdapRealm(LdapRealm.AD_TYPE, config, sessionFactory, roleMapper, threadPool);
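Review bot: Each hunk in this file builds the `RealmConfig` with a throwaway `new ThreadContext(globalSettings)` while the `LdapRealm` two lines later is constructed with `threadPool`, so the config's context is not the pool's context and the test keeps no reference to it. Since the commit moves LDAP failure reporting into the `ThreadContext`, at least one failing-authentication test should hold the context and check what the realm recorded there. None of the visible hunks adds such an assertion, though the method bodies continue outside them. Passing `threadPool.getThreadContext()` as the last argument would match the production wiring and give the test a handle to inspect.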


@ -9,7 +9,9 @@ import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.UncategorizedExecutionException;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
@ -44,7 +46,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testAdAuth() throws Exception {
RealmConfig config = new RealmConfig("ad-test",
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
globalSettings);
globalSettings, new ThreadContext(Settings.EMPTY));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config,
sslService);
@ -66,7 +68,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testNetbiosAuth() throws Exception {
final String adUrl = randomFrom("ldap://54.213.145.20:3268", "ldaps://54.213.145.20:3269", AD_LDAP_URL);
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false), globalSettings);
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String userName = "ades\\ironman";
@ -93,7 +95,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.put(SessionFactory.TIMEOUT_TCP_READ_SETTING, "1ms")
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
PlainActionFuture<List<String>> groups = new PlainActionFuture<>();
@ -103,7 +105,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
}
public void testAdAuthAvengers() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings);
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String[] users = new String[]{"cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow", };
@ -118,7 +120,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testAuthenticate() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String userName = "hulk";
@ -140,7 +142,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testAuthenticateBaseUserSearch() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Bruce Banner, CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.BASE, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String userName = "hulk";
@ -166,7 +168,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
"CN=Avengers,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
.put(ActiveDirectorySessionFactory.AD_GROUP_SEARCH_SCOPE_SETTING, LdapSearchScope.BASE)
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String userName = "hulk";
@ -181,7 +183,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testAuthenticateWithUserPrincipalName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
//Login with the UserPrincipalName
@ -199,7 +201,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
public void testAuthenticateWithSAMAccountName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
//login with sAMAccountName
@ -223,7 +225,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put(ActiveDirectorySessionFactory.AD_USER_SEARCH_FILTER_SETTING,
"(&(objectclass=user)(userPrincipalName={0}@ad.test.elasticsearch.com))")
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
//Login with the UserPrincipalName
@ -255,7 +257,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put("ssl.truststore.password", "changeit")
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Bruce Banner";
@ -289,7 +291,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put("ssl.truststore.password", "changeit")
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Bruce Banner";
@ -317,7 +319,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put("ssl.truststore.password", "changeit")
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Bruce Banner";
@ -333,7 +335,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
}
public void testAdAuthWithHostnameVerification() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, true), globalSettings);
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, true), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, sslService);
String userName = "ironman";
@ -352,7 +354,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
.put(LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("ssl.verification_mode", VerificationMode.FULL)
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Bruce Banner";
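Review bot: The `testAdAuth` hunk is the only call in this file that passes `globalSettings, new ThreadContext(Settings.EMPTY)` with no `Environment`; every other hunk uses `new Environment(globalSettings), new ThreadContext(globalSettings)`. Whether a four-argument `RealmConfig` overload with this shape exists is not visible here. If it does, this test still runs with a context built from different settings than its siblings, and if it does not, the class will not compile. Making it consistent would read `globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));`.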


@ -9,6 +9,7 @@ import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
@ -79,7 +80,7 @@ public class LdapRealmTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
LdapRealm ldap = new LdapRealm(LdapRealm.LDAP_TYPE, config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
threadPool);
@ -101,7 +102,7 @@ public class LdapRealmTests extends LdapTestCase {
Settings settings = Settings.builder()
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL))
.build();
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
LdapRealm ldap =
@ -124,7 +125,7 @@ public class LdapRealmTests extends LdapTestCase {
Settings settings = Settings.builder()
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.build();
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
ldapFactory = spy(ldapFactory);
@ -147,7 +148,7 @@ public class LdapRealmTests extends LdapTestCase {
Settings settings = Settings.builder()
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.build();
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
DnRoleMapper roleMapper = buildGroupAsRoleMapper(resourceWatcherService);
@ -180,7 +181,7 @@ public class LdapRealmTests extends LdapTestCase {
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), -1)
.build();
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
ldapFactory = spy(ldapFactory);
@ -207,7 +208,7 @@ public class LdapRealmTests extends LdapTestCase {
.put("group_search.scope", LdapSearchScope.SUB_TREE)
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.build();
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
SessionFactory sessionFactory = LdapRealm.sessionFactory(config, sslService, LdapRealm.LDAP_TYPE);
assertThat(sessionFactory, is(instanceOf(LdapSessionFactory.class)));
}
@ -223,7 +224,7 @@ public class LdapRealmTests extends LdapTestCase {
.put("group_search.scope", LdapSearchScope.SUB_TREE)
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.build();
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
SessionFactory sessionFactory = LdapRealm.sessionFactory(config, sslService, LdapRealm.LDAP_TYPE);
try {
assertThat(sessionFactory, is(instanceOf(LdapUserSearchSessionFactory.class)));
@ -241,7 +242,7 @@ public class LdapRealmTests extends LdapTestCase {
.put("group_search.scope", LdapSearchScope.SUB_TREE)
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.build();
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
() -> LdapRealm.sessionFactory(config, null, LdapRealm.LDAP_TYPE));
assertThat(e.getMessage(),
@ -257,7 +258,7 @@ public class LdapRealmTests extends LdapTestCase {
.put("group_search.scope", LdapSearchScope.SUB_TREE)
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.build();
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm-user-search", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
() -> LdapRealm.sessionFactory(config, null, LdapRealm.LDAP_TYPE));
assertThat(e.getMessage(),
@ -274,7 +275,7 @@ public class LdapRealmTests extends LdapTestCase {
.put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING.getKey(),
getDataPath("/org/elasticsearch/xpack/security/authc/support/role_mapping.yml"))
.build();
RealmConfig config = new RealmConfig("test-ldap-realm-userdn", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm-userdn", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
LdapRealm ldap = new LdapRealm(LdapRealm.LDAP_TYPE, config, ldapFactory,
@ -299,7 +300,7 @@ public class LdapRealmTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = buildLdapSettings(new String[] { url.toString() }, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test-ldap-realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
LdapRealm ldap = new LdapRealm(LdapRealm.LDAP_TYPE, config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
threadPool);
@ -329,7 +330,7 @@ public class LdapRealmTests extends LdapTestCase {
settings.put("user_search.base_dn", "");
}
RealmConfig config = new RealmConfig("ldap-realm", settings.build(), globalSettings);
RealmConfig config = new RealmConfig("ldap-realm", settings.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService);
LdapRealm realm = new LdapRealm(LdapRealm.LDAP_TYPE, config, ldapFactory,


@ -9,6 +9,7 @@ import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.UncategorizedExecutionException;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
@ -54,7 +55,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
.put("path.home", createTempDir())
.build();
RealmConfig config = new RealmConfig("ldap_realm", settings, globalSettings);
RealmConfig config = new RealmConfig("ldap_realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Horatio Hornblower";
SecuredString userPass = SecuredStringTests.build("pass");
@ -84,7 +85,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
.put(SessionFactory.TIMEOUT_TCP_CONNECTION_SETTING, "1ms") //1 millisecond
.build();
RealmConfig config = new RealmConfig("ldap_realm", settings, globalSettings);
RealmConfig config = new RealmConfig("ldap_realm", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "Horatio Hornblower";
SecuredString userPass = SecuredStringTests.build("pass");
@ -106,7 +107,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
"cn={0},ou=people,o=sevenSeas", //this last one should work
};
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase,
LdapSearchScope.SUB_TREE), globalSettings);
LdapSearchScope.SUB_TREE), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
@ -127,7 +128,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
"asdf={0},ou=people,o=sevenSeas", //none of these should work
};
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase,
LdapSearchScope.SUB_TREE), globalSettings);
LdapSearchScope.SUB_TREE), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService);
@ -145,7 +146,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase,
LdapSearchScope.SUB_TREE), globalSettings);
LdapSearchScope.SUB_TREE), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService);
@ -162,7 +163,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase,
LdapSearchScope.ONE_LEVEL), globalSettings);
LdapSearchScope.ONE_LEVEL), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService);
@ -177,7 +178,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase,
LdapSearchScope.BASE), globalSettings);
LdapSearchScope.BASE), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService);
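Review bot: The failure-path tests in this file (the `1ms` TCP connection timeout case and the "none of these should work" user-template case) hand `RealmConfig` a throwaway `new ThreadContext(globalSettings)`, so anything recorded in the thread context on a failed bind cannot be inspected afterwards. This commit moves LDAP failure reporting out of the unconditional log line and into the thread context, so I would keep the context in a local, `ThreadContext threadContext = new ThreadContext(globalSettings);`, pass that to `RealmConfig`, and assert on it where authentication is expected to fail. Whether the session factory itself, rather than the realm, writes to the context is not visible in these hunks, so the assertion may belong in the realm tests instead. The test method bodies start and end outside the hunks.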


@ -16,12 +16,12 @@ import com.unboundid.ldap.sdk.SingleServerSet;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
import org.elasticsearch.xpack.ssl.SSLService;
@ -66,13 +66,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
public void testSupportsUnauthenticatedSessions() throws Exception {
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, "", LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", "")
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, "", LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", "")
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
try {
@ -87,13 +87,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -122,14 +122,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.BASE)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.BASE)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -149,14 +149,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "cn=William Bush,ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.BASE)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.BASE)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -185,14 +185,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.ONE_LEVEL)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.ONE_LEVEL)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -212,14 +212,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.ONE_LEVEL)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.scope", LdapSearchScope.ONE_LEVEL)
.put("user_search.attribute", "cn")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -248,13 +248,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "uid1")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.attribute", "uid1")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -274,12 +274,12 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
@ -325,7 +325,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
Settings fullSettings = builder.build();
sslService = new SSLService(fullSettings, new Environment(fullSettings));
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, sslService);
String user = "Bruce Banner";
@ -361,13 +361,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
String userSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
RealmConfig config = new RealmConfig("oldap-test", Settings.builder()
.put(LdapTestCase.buildLdapSettings(new String[] { OpenLdapTests.OPEN_LDAP_URL }, Strings.EMPTY_ARRAY, groupSearchBase,
LdapSearchScope.ONE_LEVEL))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "uid=blackwidow,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
.put("bind_password", OpenLdapTests.PASSWORD)
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings);
.put(LdapTestCase.buildLdapSettings(new String[] { OpenLdapTests.OPEN_LDAP_URL }, Strings.EMPTY_ARRAY, groupSearchBase,
LdapSearchScope.ONE_LEVEL))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "uid=blackwidow,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
.put("bind_password", OpenLdapTests.PASSWORD)
.put("user_search.pool.enabled", randomBoolean())
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
Settings.Builder builder = Settings.builder()
.put(globalSettings);
for (Map.Entry<String, String> entry : config.settings().getAsMap().entrySet()) {
@ -403,11 +403,11 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost",
randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE);
@ -429,14 +429,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.pool.initial_size", 10)
.put("user_search.pool.size", 12)
.put("user_search.pool.health_check.enabled", false)
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
.put("bind_password", "pass")
.put("user_search.pool.initial_size", 10)
.put("user_search.pool.size", 12)
.put("user_search.pool.health_check.enabled", false)
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost",
randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE);
@ -454,10 +454,10 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", Settings.builder()
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_password", "pass")
.build(), globalSettings);
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", userSearchBase)
.put("bind_password", "pass")
.build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory searchSessionFactory = null;
try {
@ -506,7 +506,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
.put("user_search.pool.enabled", randomBoolean())
.build();
RealmConfig config = new RealmConfig("ldap_realm", ldapSettings, globalSettings);
RealmConfig config = new RealmConfig("ldap_realm", ldapSettings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
LdapUserSearchSessionFactory searchSessionFactory = null;
try {
searchSessionFactory = new LdapUserSearchSessionFactory(config, sslService);
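Review bot: Every `RealmConfig` construction in this file now repeats `new Environment(globalSettings), new ThreadContext(globalSettings)`, and most hunks also appear to re-indent the whole `.put(...)` chain, which hides the one functional change per call. A small helper in the test class would keep the extra arguments in one place, e.g. `private RealmConfig realmConfig(String name, Settings settings) { return new RealmConfig(name, settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)); }`, assuming `globalSettings` is a field as its use across the tests suggests. It would also make it simple to hand in a retained `ThreadContext` if a test later needs to check what was recorded on a failed search or bind. I would leave the whitespace-only re-indentation to a separate formatting change.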


@ -8,6 +8,7 @@ package org.elasticsearch.xpack.security.authc.ldap;
import com.unboundid.ldap.sdk.LDAPException;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.UncategorizedExecutionException;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
@ -79,7 +80,7 @@ public class OpenLdapTests extends ESTestCase {
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
LdapSearchScope.ONE_LEVEL), globalSettings);
LdapSearchScope.ONE_LEVEL), globalSettings, new ThreadContext(Settings.EMPTY));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
@ -96,7 +97,7 @@ public class OpenLdapTests extends ESTestCase {
String groupSearchBase = "cn=Avengers,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
LdapSearchScope.BASE), globalSettings);
LdapSearchScope.BASE), globalSettings, new ThreadContext(Settings.EMPTY));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
@ -115,7 +116,7 @@ public class OpenLdapTests extends ESTestCase {
.put("group_search.filter", "(&(objectclass=posixGroup)(memberUID={0}))")
.put("group_search.user_attribute", "uid")
.build();
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
try (LdapSession ldap = session(sessionFactory, "selvig", SecuredStringTests.build(PASSWORD))){
@ -133,7 +134,7 @@ public class OpenLdapTests extends ESTestCase {
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
.put(SessionFactory.TIMEOUT_TCP_READ_SETTING, "1ms") //1 millisecond
.build();
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
LDAPException expected = expectThrows(LDAPException.class,
@ -150,7 +151,7 @@ public class OpenLdapTests extends ESTestCase {
.put("ssl.verification_mode", VerificationMode.FULL)
.build();
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings);
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService);
String user = "blackwidow";
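Review bot: The `RealmConfig` calls in this file use the overload without an `Environment` and pass `new ThreadContext(Settings.EMPTY)`, while the other LDAP tests changed in this commit pass `new Environment(globalSettings), new ThreadContext(globalSettings)`. The same shorter form appears in the `LdapTestCase` and `SessionFactoryLoadBalancingTests` sections. The difference is probably harmless for these tests, but using one form throughout, e.g. `new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));`, avoids the question of whether a context built from empty settings behaves differently from the one the node would supply. If the shorter overload is deliberate, a one-line comment saying so would be enough.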


@ -12,6 +12,7 @@ import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
import org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory;
@ -133,7 +134,7 @@ public abstract class LdapTestCase extends ESTestCase {
.put(DnRoleMapper.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.getKey(), true)
.build();
Settings global = Settings.builder().put("path.home", createTempDir()).build();
RealmConfig config = new RealmConfig("ldap1", settings, global);
RealmConfig config = new RealmConfig("ldap1", settings, global, new ThreadContext(Settings.EMPTY));
return new DnRoleMapper(LdapRealm.LDAP_TYPE, config, resourceWatcherService);
}


@ -9,6 +9,7 @@ import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.sdk.LDAPConnection;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -167,7 +168,7 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase {
Settings settings = buildLdapSettings(ldapUrls(), new String[] { userTemplate }, groupSearchBase,
LdapSearchScope.SUB_TREE, loadBalancing);
RealmConfig config = new RealmConfig("test-session-factory", settings, Settings.builder().put("path.home",
createTempDir()).build());
createTempDir()).build(), new ThreadContext(Settings.EMPTY));
return new TestSessionFactory(config, new SSLService(Settings.EMPTY, new Environment(config.globalSettings())));
}


@ -11,6 +11,7 @@ import com.unboundid.util.ssl.TrustAllSSLSocketVerifier;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -27,7 +28,8 @@ public class SessionFactoryTests extends ESTestCase {
public void testConnectionFactoryReturnsCorrectLDAPConnectionOptionsWithDefaultSettings() throws Exception {
final Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build());
RealmConfig realmConfig = new RealmConfig("conn settings", Settings.EMPTY, environment.settings(), environment);
RealmConfig realmConfig = new RealmConfig("conn settings", Settings.EMPTY, environment.settings(), environment,
new ThreadContext(Settings.EMPTY));
LDAPConnectionOptions options = SessionFactory.connectionOptions(realmConfig, new SSLService(environment.settings(), environment),
logger);
assertThat(options.followReferrals(), is(equalTo(true)));
@ -46,7 +48,7 @@ public class SessionFactoryTests extends ESTestCase {
.build();
final Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build());
RealmConfig realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment);
RealmConfig realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment, new ThreadContext(Settings.EMPTY));
LDAPConnectionOptions options = SessionFactory.connectionOptions(realmConfig, new SSLService(environment.settings(), environment),
logger);
assertThat(options.followReferrals(), is(equalTo(false)));
@ -58,19 +60,19 @@ public class SessionFactoryTests extends ESTestCase {
"removed in a future version. use [xpack.security.authc.realms.conn settings.ssl.verification_mode] instead");
settings = Settings.builder().put("ssl.verification_mode", VerificationMode.CERTIFICATE).build();
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment);
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment, new ThreadContext(Settings.EMPTY));
options = SessionFactory.connectionOptions(realmConfig, new SSLService(environment.settings(), environment),
logger);
assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
settings = Settings.builder().put("ssl.verification_mode", VerificationMode.NONE).build();
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment);
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment, new ThreadContext(Settings.EMPTY));
options = SessionFactory.connectionOptions(realmConfig, new SSLService(environment.settings(), environment),
logger);
assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
settings = Settings.builder().put("ssl.verification_mode", VerificationMode.FULL).build();
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment);
realmConfig = new RealmConfig("conn settings", settings, environment.settings(), environment, new ThreadContext(Settings.EMPTY));
options = SessionFactory.connectionOptions(realmConfig, new SSLService(environment.settings(), environment),
logger);
assertThat(options.getSSLSocketVerifier(), is(instanceOf(HostNameSSLSocketVerifier.class)));
@ -88,7 +90,9 @@ public class SessionFactoryTests extends ESTestCase {
private SessionFactory createSessionFactory() {
Settings global = Settings.builder().put("path.home", createTempDir()).build();
return new SessionFactory(new RealmConfig("_name", Settings.builder().put("url", "ldap://localhost:389").build(), global), null) {
final RealmConfig realmConfig = new RealmConfig("_name", Settings.builder().put("url", "ldap://localhost:389").build(),
global, new ThreadContext(Settings.EMPTY));
return new SessionFactory(realmConfig, null) {
@Override
public void session(String user, SecuredString password, ActionListener<LdapSession> listener) {
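Review bot: Every `RealmConfig` built in SessionFactoryTests now allocates its own `new ThreadContext(Settings.EMPTY)` (five times in the connection-options tests and once in `createSessionFactory`), and the wrapping is inconsistent: the first call breaks the new argument onto a second line while the later ones run long on a single line. A single test-class field such as `private final ThreadContext threadContext = new ThreadContext(Settings.EMPTY);`, passed to each constructor, would keep the lines short and give the tests one handle on the context the realm config carries. The same repetition appears in the PkiRealmTests, CachingUsernamePasswordRealmTests and DnRoleMapperTests hunks. The body of `createSessionFactory` continues outside the hunk.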


@ -55,7 +55,7 @@ public class PkiRealmTests extends ESTestCase {
}
public void testTokenSupport() {
RealmConfig config = new RealmConfig("", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings));
PkiRealm realm = new PkiRealm(config, mock(DnRoleMapper.class), sslService);
assertThat(realm.supports(null), is(false));
@ -67,7 +67,7 @@ public class PkiRealmTests extends ESTestCase {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
threadContext.putTransient(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[] { certificate });
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), mock(DnRoleMapper.class), sslService);
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)), mock(DnRoleMapper.class), sslService);
X509AuthenticationToken token = realm.token(threadContext);
assertThat(token, is(notNullValue()));
@ -80,7 +80,7 @@ public class PkiRealmTests extends ESTestCase {
X509AuthenticationToken token = new X509AuthenticationToken(new X509Certificate[] { certificate }, "Elasticsearch Test Node",
"CN=Elasticsearch Test Node,");
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), roleMapper, sslService);
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)), roleMapper, sslService);
when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.<String>emptySet());
PlainActionFuture<User> future = new PlainActionFuture<>();
@ -95,7 +95,7 @@ public class PkiRealmTests extends ESTestCase {
public void testCustomUsernamePattern() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.builder().put("username_pattern", "OU=(.*?),").build(), globalSettings),
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.builder().put("username_pattern", "OU=(.*?),").build(), globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)),
roleMapper, sslService);
when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.<String>emptySet());
ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
@ -118,7 +118,7 @@ public class PkiRealmTests extends ESTestCase {
.put("truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
.put("truststore.password", "testnode")
.build();
PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper, sslService);
PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)), roleMapper, sslService);
when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.<String>emptySet());
ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
@ -142,7 +142,7 @@ public class PkiRealmTests extends ESTestCase {
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
.put("truststore.password", "testnode-client-profile")
.build();
PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper, sslService);
PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)), roleMapper, sslService);
when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.<String>emptySet());
ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
@ -161,7 +161,7 @@ public class PkiRealmTests extends ESTestCase {
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
.build();
try {
new PkiRealm(new RealmConfig("mypki", settings, globalSettings), mock(DnRoleMapper.class), sslService);
new PkiRealm(new RealmConfig("mypki", settings, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)), mock(DnRoleMapper.class), sslService);
fail("exception should have been thrown");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("[xpack.security.authc.realms.mypki.truststore.password] is not configured"));
@ -211,7 +211,7 @@ public class PkiRealmTests extends ESTestCase {
.build();
IllegalStateException e = expectThrows(IllegalStateException.class,
() -> new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class),
() -> new PkiRealm(new RealmConfig("", Settings.EMPTY, settings, new Environment(settings), new ThreadContext(settings)), mock(DnRoleMapper.class),
new SSLService(settings, new Environment(settings))));
assertThat(e.getMessage(), containsString("has SSL with client authentication enabled"));
}
@ -223,7 +223,7 @@ public class PkiRealmTests extends ESTestCase {
.put("xpack.security.http.ssl.enabled", true)
.put("xpack.security.http.ssl.client_authentication", randomFrom(SSLClientAuth.OPTIONAL, SSLClientAuth.REQUIRED))
.build();
new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class),
new PkiRealm(new RealmConfig("", Settings.EMPTY, settings, new Environment(settings), new ThreadContext(settings)), mock(DnRoleMapper.class),
new SSLService(settings, new Environment(settings)));
}
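Review bot: In the token and authentication tests the realm is configured with `new ThreadContext(globalSettings)`, while the certificate is stored on a separate `new ThreadContext(Settings.EMPTY)` that is then passed to `realm.token(...)`. The test wiring therefore uses two unrelated contexts, whereas the plugin code in this commit passes the single `threadPool.getThreadContext()`. Whether PkiRealm reads the context from its config is not visible here, but if it does, these tests would not exercise that path. Where the local is declared before the realm, as in the hunk at -67, it can be reused: `new RealmConfig("", Settings.EMPTY, globalSettings, new Environment(globalSettings), threadContext)`. The test methods start or end outside the hunks.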


@ -9,6 +9,7 @@ import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.user.User;
@ -47,7 +48,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
.build();
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings);
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings, new ThreadContext(Settings.EMPTY));
CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
@Override
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<User> listener) {
@ -214,7 +215,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
final SecuredString randomPassword = new SecuredString(randomAlphaOfLength(password.length()).toCharArray());
final String passwordHash = new String(Hasher.BCRYPT.hash(password));
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
@Override
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<User> listener) {
@ -276,7 +277,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
public void testUserLookupConcurrency() throws Exception {
final String username = "username";
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings);
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
@Override
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<User> listener) {
@ -328,7 +329,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
static class FailingAuthenticationRealm extends CachingUsernamePasswordRealm {
FailingAuthenticationRealm(Settings settings, Settings global) {
super("failing", new RealmConfig("failing-test", settings, global));
super("failing", new RealmConfig("failing-test", settings, global, new ThreadContext(Settings.EMPTY)));
}
@Override
@ -345,7 +346,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
static class ThrowingAuthenticationRealm extends CachingUsernamePasswordRealm {
ThrowingAuthenticationRealm(Settings settings, Settings globalSettings) {
super("throwing", new RealmConfig("throwing-test", settings, globalSettings));
super("throwing", new RealmConfig("throwing-test", settings, globalSettings, new ThreadContext(Settings.EMPTY)));
}
@Override
@ -365,7 +366,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
public final AtomicInteger lookupInvocationCounter = new AtomicInteger(0);
AlwaysAuthenticateCachingRealm(Settings globalSettings) {
super("always", new RealmConfig("always-test", Settings.EMPTY, globalSettings));
super("always", new RealmConfig("always-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
}
@Override
@ -387,7 +388,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
public final AtomicInteger lookupInvocationCounter = new AtomicInteger(0);
LookupNotSupportedRealm(Settings globalSettings) {
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings));
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
}
@Override


@ -9,6 +9,7 @@ import com.unboundid.ldap.sdk.DN;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger;
import org.elasticsearch.xpack.security.authc.RealmConfig;
@ -271,7 +272,7 @@ public class DnRoleMapperTests extends ESTestCase {
Settings ldapSettings = Settings.builder()
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings);
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
DnRoleMapper mapper = new DnRoleMapper(LdapRealm.LDAP_TYPE, config, new ResourceWatcherService(settings, threadPool));
@ -285,7 +286,7 @@ public class DnRoleMapperTests extends ESTestCase {
Settings ldapSettings = Settings.builder()
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, true)
.build();
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings);
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));;
DnRoleMapper mapper = new DnRoleMapper(LdapRealm.LDAP_TYPE, config, new ResourceWatcherService(settings, threadPool));
@ -299,7 +300,7 @@ public class DnRoleMapperTests extends ESTestCase {
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, false)
.build();
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings);
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings, new ThreadContext(Settings.EMPTY));;
DnRoleMapper mapper = new DnRoleMapper(LdapRealm.LDAP_TYPE, config, new ResourceWatcherService(settings, threadPool));
@ -311,7 +312,7 @@ public class DnRoleMapperTests extends ESTestCase {
Settings realmSettings = Settings.builder()
.put("files.role_mapping", file.toAbsolutePath())
.build();
RealmConfig config = new RealmConfig("ad-group-mapper-test", realmSettings, settings, env);
RealmConfig config = new RealmConfig("ad-group-mapper-test", realmSettings, settings, env, new ThreadContext(Settings.EMPTY));
return new DnRoleMapper(randomBoolean() ? LdapRealm.AD_TYPE : LdapRealm.LDAP_TYPE, config, watcherService);
}
}
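Review bot: Two of the updated lines end in a doubled semicolon: the `RealmConfig config = ...` assignments for "ldap1" in the hunk at -285 and for "ldap-userdn-role" in the hunk at -299. The extra `;` compiles as an empty statement, but it is noise and some linters flag it. The lines should end like the one in the first hunk, `RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));`. The enclosing test methods begin outside these hunks.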


@ -7,6 +7,8 @@ package org.elasticsearch.example.realm;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -20,7 +22,7 @@ import static org.hamcrest.Matchers.nullValue;
public class CustomRealmTests extends ESTestCase {
public void testAuthenticate() {
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings));
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)));
SecuredString password = new SecuredString(CustomRealm.KNOWN_PW.toCharArray());
UsernamePasswordToken token = new UsernamePasswordToken(CustomRealm.KNOWN_USER, password);
PlainActionFuture<User> plainActionFuture = new PlainActionFuture<>();
@ -33,7 +35,7 @@ public class CustomRealmTests extends ESTestCase {
public void testAuthenticateBadUser() {
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings));
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings, new Environment(globalSettings), new ThreadContext(globalSettings)));
SecuredString password = new SecuredString(CustomRealm.KNOWN_PW.toCharArray());
UsernamePasswordToken token = new UsernamePasswordToken(CustomRealm.KNOWN_USER + "1", password);
PlainActionFuture<User> plainActionFuture = new PlainActionFuture<>();