Fallback to settings if transport profile is empty

If the transport profile does not contain a TCP port range, we fallback to the top-level settings.
2016-11-14 13:48:12 -05:00 · 2016-11-14 13:48:12 -05:00 · a12f09317d
parent 491a945ac8
commit a12f09317d
1 changed files with 25 additions and 5 deletions
--- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java
+++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java
@ -290,7 +290,7 @@ final class Security {
            // a profile is only valid if its the default profile, or if it has an actual name and specifies a port
            boolean valid = TransportSettings.DEFAULT_PROFILE.equals(name) || (Strings.hasLength(name) && profileSettings.get("port") != null);
            if (valid) {
-                addSocketPermissionForTransport(policy, profileSettings);
+                addSocketPermissionForTransportProfile(policy, profileSettings, settings);
            }
        }

@ -308,7 +308,7 @@ final class Security {
     * Add dynamic {@link SocketPermission} based on HTTP settings.
     *
     * @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to.
-     * @param settings the {@link Settings} instance to read the HTTP from
+     * @param settings the {@link Settings} instance to read the HTTP settingsfrom
     */
    private static void addSocketPermissionForHttp(final Permissions policy, final Settings settings) {
        // http is simple
@ -316,14 +316,34 @@ final class Security {
        addSocketPermissionForPortRange(policy, httpRange);
    }

+    /**
+     * Add dynamic {@link SocketPermission} based on transport settings. This method will first check if there is a port range specified in
+     * the transport profile specified by {@code profileSettings} and will fall back to {@code settings}.
+     *
+     * @param policy          the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to
+     * @param profileSettings the {@link Settings} to read the transport profile from
+     * @param settings        the {@link Settings} instance to read the transport settings from
+     */
+    private static void addSocketPermissionForTransportProfile(
+        final Permissions policy,
+        final Settings profileSettings,
+        final Settings settings) {
+        final String transportRange = profileSettings.get("port");
+        if (transportRange != null) {
+            addSocketPermissionForPortRange(policy, transportRange);
+        } else {
+            addSocketPermissionForTransport(policy, settings);
+        }
+    }
+
    /**
     * Add dynamic {@link SocketPermission} based on transport settings.
     *
-     * @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to.
-     * @param settings the {@link Settings} instance to read the HTTP from
+     * @param policy          the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to
+     * @param settings        the {@link Settings} instance to read the transport settings from
     */
    private static void addSocketPermissionForTransport(final Permissions policy, final Settings settings) {
-        final String transportRange = settings.get("port", TransportSettings.PORT.get(settings));
+        final String transportRange = TransportSettings.PORT.get(settings);
        addSocketPermissionForPortRange(policy, transportRange);
    }