honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fallback to settings if transport profile is empty 

If the transport profile does not contain a TCP port range, we fallback
to the top-level settings.
This commit is contained in:
Jason Tedor 2016-11-14 13:48:12 -05:00
parent 491a945ac8
commit a12f09317d
1 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
core/src/main/java/org/elasticsearch/bootstrap/Security.java
View File

@ -290,7 +290,7 @@ final class Security {
// a profile is only valid if its the default profile, or if it has an actual name and specifies a port // a profile is only valid if its the default profile, or if it has an actual name and specifies a port
boolean valid = TransportSettings.DEFAULT_PROFILE.equals(name) || (Strings.hasLength(name) && profileSettings.get("port") != null); boolean valid = TransportSettings.DEFAULT_PROFILE.equals(name) || (Strings.hasLength(name) && profileSettings.get("port") != null);
if (valid) { if (valid) {
addSocketPermissionForTransport(policy, profileSettings); addSocketPermissionForTransportProfile(policy, profileSettings, settings);
} }
} }
@ -308,7 +308,7 @@ final class Security {
* Add dynamic {@link SocketPermission} based on HTTP settings. * Add dynamic {@link SocketPermission} based on HTTP settings.
* *
* @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to. * @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to.
* @param settings the {@link Settings} instance to read the HTTP from * @param settings the {@link Settings} instance to read the HTTP settingsfrom
*/ */
private static void addSocketPermissionForHttp(final Permissions policy, final Settings settings) { private static void addSocketPermissionForHttp(final Permissions policy, final Settings settings) {
// http is simple // http is simple
@ -316,14 +316,34 @@ final class Security {
addSocketPermissionForPortRange(policy, httpRange); addSocketPermissionForPortRange(policy, httpRange);
} }
/**
* Add dynamic {@link SocketPermission} based on transport settings. This method will first check if there is a port range specified in
* the transport profile specified by {@code profileSettings} and will fall back to {@code settings}.
*
* @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to
* @param profileSettings the {@link Settings} to read the transport profile from
* @param settings the {@link Settings} instance to read the transport settings from
*/
private static void addSocketPermissionForTransportProfile(
final Permissions policy,
final Settings profileSettings,
final Settings settings) {
final String transportRange = profileSettings.get("port");
if (transportRange != null) {
addSocketPermissionForPortRange(policy, transportRange);
} else {
addSocketPermissionForTransport(policy, settings);
}
}
/** /**
* Add dynamic {@link SocketPermission} based on transport settings. * Add dynamic {@link SocketPermission} based on transport settings.
* *
* @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to. * @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to
* @param settings the {@link Settings} instance to read the HTTP from * @param settings the {@link Settings} instance to read the transport settings from
*/ */
private static void addSocketPermissionForTransport(final Permissions policy, final Settings settings) { private static void addSocketPermissionForTransport(final Permissions policy, final Settings settings) {
final String transportRange = settings.get("port", TransportSettings.PORT.get(settings)); final String transportRange = TransportSettings.PORT.get(settings);
addSocketPermissionForPortRange(policy, transportRange); addSocketPermissionForPortRange(policy, transportRange);
} }