honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed a bug in anonymous user via REST 

The resolved anonymous user was not added to the REST request context. This resulted in that when the request was "translated" to a transport request, the fallback was the `system user`. The commit fixes that.

Original commit: elastic/x-pack-elasticsearch@acea6becf1
This commit is contained in:
uboness 2015-03-05 21:05:15 +01:00
parent f0f4973ac3
commit a977bb404f
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
View File

@ -56,6 +56,9 @@ public class InternalAuthenticationService extends AbstractComponent implements
AuthenticationToken token = token(request); AuthenticationToken token = token(request);
if (token == null) { if (token == null) {
if (anonymouseUser != null) { if (anonymouseUser != null) {
// we must put the user in the request context, so it'll be copied to the
// transport request - without it, the transport will assume system user
request.putInContext(USER_KEY, anonymouseUser);
return anonymouseUser; return anonymouseUser;
} }
auditTrail.anonymousAccessDenied(request); auditTrail.anonymousAccessDenied(request);
@ -65,6 +68,8 @@ public class InternalAuthenticationService extends AbstractComponent implements
if (user == null) { if (user == null) {
throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for REST request [" + request.uri() + "]"); throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for REST request [" + request.uri() + "]");
} }
// we must put the user in the request context, so it'll be copied to the
// transport request - without it, the transport will assume system user
request.putInContext(USER_KEY, user); request.putInContext(USER_KEY, user);
return user; return user;
} }

2
src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
View File

@ -443,6 +443,8 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
RestRequest request = new InternalRestRequest(); RestRequest request = new InternalRestRequest();
User user = service.authenticate(request); User user = service.authenticate(request);
assertThat(request.getFromContext(InternalAuthenticationService.USER_KEY), notNullValue());
assertThat(request.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
assertThat(user, notNullValue()); assertThat(user, notNullValue());
assertThat(user.principal(), equalTo(username)); assertThat(user.principal(), equalTo(username));
assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3")); assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3"));