diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java index 589ee968a66..53310df1637 100644 --- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java +++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java @@ -13,6 +13,7 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; +import org.elasticsearch.shield.ShieldException; import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.RefreshListener; @@ -106,7 +107,7 @@ public class FileUserPasswdStore { try { lines = Files.readAllLines(path, Charsets.UTF_8); } catch (IOException ioe) { - throw new ElasticsearchException("Could not read users file [" + path.toAbsolutePath() + "]", ioe); + throw new ShieldException("Could not read users file [" + path.toAbsolutePath() + "]", ioe); } ImmutableMap.Builder users = ImmutableMap.builder(); @@ -167,16 +168,19 @@ public class FileUserPasswdStore { @Override public void onFileDeleted(File file) { - if (file.equals(FileUserPasswdStore.this.file.toFile())) { - esUsers = ImmutableMap.of(); - notifyRefresh(); - } + onFileChanged(file); } @Override public void onFileChanged(File file) { if (file.equals(FileUserPasswdStore.this.file.toFile())) { - esUsers = parseFile(file.toPath(), logger); + try { + esUsers = parseFile(file.toPath(), logger); + logger.info("updated users (users file [{}] changed)", file.getAbsolutePath()); + } catch (Throwable t) { + logger.error("Failed to parse users file [{}]. Current users remain unmodified", t, file.getAbsolutePath()); + return; + } notifyRefresh(); } } diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java index fb694e2669b..10e25e17746 100644 --- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java +++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java @@ -196,16 +196,19 @@ public class FileUserRolesStore { @Override public void onFileDeleted(File file) { - if (file.equals(FileUserRolesStore.this.file.toFile())) { - userRoles = ImmutableMap.of(); - notifyRefresh(); - } + onFileChanged(file); } @Override public void onFileChanged(File file) { if (file.equals(FileUserRolesStore.this.file.toFile())) { - userRoles = parseFile(file.toPath(), logger); + try { + userRoles = parseFile(file.toPath(), logger); + logger.info("updated users (users_roles file [{}] changed)", file.getAbsolutePath()); + } catch (Throwable t) { + logger.error("Failed to parse users_roles file [{}]. Current users_roles remain unmodified", t, file.getAbsolutePath()); + return; + } notifyRefresh(); } } diff --git a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java index 8d3cd5a82c6..8de99384175 100644 --- a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java +++ b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java @@ -245,7 +245,13 @@ public class FileRolesStore extends AbstractComponent implements RolesStore { @Override public void onFileChanged(File file) { if (file.equals(FileRolesStore.this.file.toFile())) { - permissions = parseFile(file.toPath(), logger); + try { + permissions = parseFile(file.toPath(), logger); + logger.info("updated roles (roles file [{}] changed)", file.getAbsolutePath()); + } catch (Throwable t) { + logger.error("Could not reload roles file [{}]. Current roles remain unmodified", t, file.getAbsolutePath()); + return; + } listener.onRefresh(); } }