From ac34c3c37f1281420b565cd47cd992c1d8f886aa Mon Sep 17 00:00:00 2001 From: Jay Modi Date: Fri, 9 Dec 2016 07:28:11 -0500 Subject: [PATCH] Remove deprecated methods from the Realm class This change removes the deprecated methods from the realm class. These methods include blocking authentication and lookup and the lookup supported method. Original commit: elastic/x-pack-elasticsearch@cff21e21ee46b1178a09449497f639b38806d639 --- .../security/authc/AuthenticationService.java | 7 +-- .../xpack/security/authc/Realm.java | 48 ++++------------ .../security/authc/esnative/NativeRealm.java | 5 -- .../authc/esnative/ReservedRealm.java | 5 -- .../xpack/security/authc/file/FileRealm.java | 9 +-- .../xpack/security/authc/ldap/LdapRealm.java | 5 -- .../xpack/security/authc/pki/PkiRealm.java | 14 +---- .../support/CachingUsernamePasswordRealm.java | 4 +- .../authc/support/UsernamePasswordRealm.java | 8 --- .../authc/AuthenticationServiceTests.java | 24 ++++---- .../xpack/security/authc/RealmsTests.java | 14 ++--- .../CachingUsernamePasswordRealmTests.java | 55 ------------------- .../example/realm/CustomRealm.java | 17 +++--- .../example/realm/CustomRealmTests.java | 10 +++- 14 files changed, 49 insertions(+), 176 deletions(-) diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java index 5602f3eaa02..d6a0d6e6fe4 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java @@ -343,8 +343,7 @@ public class AuthenticationService extends AbstractComponent { */ private void lookupRunAsUser(final User user, String runAsUsername, Consumer userConsumer) { final List realmsList = realms.asList(); - final BiConsumer> realmLookupConsumer = (realm, lookupUserListener) -> { - if (realm.userLookupSupported()) { + final BiConsumer> realmLookupConsumer = (realm, lookupUserListener) -> realm.lookupUser(runAsUsername, ActionListener.wrap((lookedupUser) -> { if (lookedupUser != null) { lookedupBy = new RealmRef(realm.name(), realm.type(), nodeName); @@ -353,10 +352,6 @@ public class AuthenticationService extends AbstractComponent { lookupUserListener.onResponse(null); } }, lookupUserListener::onFailure)); - } else { - lookupUserListener.onResponse(null); - } - }; final IteratingActionListener userLookupListener = new IteratingActionListener<>(ActionListener.wrap((lookupUser) -> userConsumer.accept(new User(user, lookupUser)), diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java index 469b06f3a98..72f13da578c 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java @@ -71,44 +71,24 @@ public abstract class Realm implements Comparable { public abstract AuthenticationToken token(ThreadContext context); /** - * Authenticates the given token in a blocking fashion. A successful authentication will return the User associated - * with the given token. An unsuccessful authentication returns {@code null}. This method is deprecated in favor of - * {@link #authenticate(AuthenticationToken, ActionListener)}. + * Authenticates the given token in an asynchronous fashion. A successful authentication will call the + * {@link ActionListener#onResponse} with the User associated with the given token. An unsuccessful authentication calls + * with {@code null} on the argument. * * @param token The authentication token - * @return The authenticated user or {@code null} if authentication failed. - * + * @param listener The listener to pass the authentication result to */ - @Deprecated - public abstract User authenticate(AuthenticationToken token); - - public void authenticate(AuthenticationToken token, ActionListener listener) { - try { - listener.onResponse(authenticate(token)); - } catch (Exception e) { - listener.onFailure(e); - } - } + public abstract void authenticate(AuthenticationToken token, ActionListener listener); /** - * Looks up the user identified the String identifier. A successful lookup will return the {@link User} identified - * by the username. An unsuccessful lookup returns {@code null}. This method is deprecated in favor of - * {@link #lookupUser(String, ActionListener)} + * Looks up the user identified the String identifier. A successful lookup will call the {@link ActionListener#onResponse} + * with the {@link User} identified by the username. An unsuccessful lookup call with {@code null} as the argument. If lookup is not + * supported, simply return {@code null} when called. * * @param username the String identifier for the user - * @return the {@link User} or {@code null} if lookup failed + * @param listener The listener to pass the lookup result to */ - @Deprecated - public abstract User lookupUser(String username); - - public void lookupUser(String username, ActionListener listener) { - try { - User user = lookupUser(username); - listener.onResponse(user); - } catch (Exception e) { - listener.onFailure(e); - } - } + public abstract void lookupUser(String username, ActionListener listener); public Map usageStats() { Map stats = new HashMap<>(); @@ -117,14 +97,6 @@ public abstract class Realm implements Comparable { return stats; } - /** - * Indicates whether this realm supports user lookup. This method is deprecated. In the future if lookup is not supported, simply - * return null when called. - * @return true if the realm supports user lookup - */ - @Deprecated - public abstract boolean userLookupSupported(); - @Override public String toString() { return type + "/" + config.name; diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java index 76ffff8b9b5..08d9bf8bca8 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java @@ -25,11 +25,6 @@ public class NativeRealm extends CachingUsernamePasswordRealm { this.userStore = usersStore; } - @Override - public boolean userLookupSupported() { - return true; - } - @Override protected void doLookupUser(String username, ActionListener listener) { userStore.getUser(username, listener); diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java index 5a55c97b922..985e494b480 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java @@ -108,11 +108,6 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { } } - @Override - public boolean userLookupSupported() { - return true; - } - public static boolean isReserved(String username, Settings settings) { assert username != null; switch (username) { diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java index 6fa738a2613..2d02d01d3e9 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java @@ -18,8 +18,8 @@ public class FileRealm extends CachingUsernamePasswordRealm { public static final String TYPE = "file"; - final FileUserPasswdStore userPasswdStore; - final FileUserRolesStore userRolesStore; + private final FileUserPasswdStore userPasswdStore; + private final FileUserRolesStore userRolesStore; public FileRealm(RealmConfig config, ResourceWatcherService watcherService) { this(config, new FileUserPasswdStore(config, watcherService), new FileUserRolesStore(config, watcherService)); @@ -61,9 +61,4 @@ public class FileRealm extends CachingUsernamePasswordRealm { stats.put("size", userPasswdStore.usersCount()); return stats; } - - @Override - public boolean userLookupSupported() { - return true; - } } diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java index 7b1773cbaf9..bc68bc6ac1c 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java @@ -101,11 +101,6 @@ public final class LdapRealm extends CachingUsernamePasswordRealm { } } - @Override - public boolean userLookupSupported() { - return sessionFactory.supportsUnauthenticatedSession(); - } - @Override public Map usageStats() { Map usage = super.usageStats(); diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java index 17fe9d77c0a..22142adadec 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java @@ -80,11 +80,6 @@ public class PkiRealm extends Realm { return token(context.getTransient(PKI_CERT_HEADER_NAME), principalPattern, logger); } - @Override - public User authenticate(AuthenticationToken authToken) { - throw new UnsupportedOperationException("internal realms do not support blocking calls"); - } - @Override public void authenticate(AuthenticationToken authToken, ActionListener listener) { X509AuthenticationToken token = (X509AuthenticationToken)authToken; @@ -97,13 +92,8 @@ public class PkiRealm extends Realm { } @Override - public User lookupUser(String username) { - return null; - } - - @Override - public boolean userLookupSupported() { - return false; + public void lookupUser(String username, ActionListener listener) { + listener.onResponse(null); } static X509AuthenticationToken token(Object pkiHeaderValue, Pattern principalPattern, Logger logger) { diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java index 4e8f147e457..25cf62bd617 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java @@ -140,9 +140,7 @@ public abstract class CachingUsernamePasswordRealm extends UsernamePasswordRealm @Override public final void lookupUser(String username, ActionListener listener) { - if (!userLookupSupported()) { - listener.onResponse(null); - } else if (cache != null) { + if (cache != null) { UserWithHash withHash = cache.get(username); if (withHash == null) { try { diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java index 6d6f7716d02..26080f58f94 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java @@ -25,12 +25,4 @@ abstract class UsernamePasswordRealm extends Realm { public boolean supports(AuthenticationToken token) { return token instanceof UsernamePasswordToken; } - - public final User authenticate(AuthenticationToken token) { - throw new UnsupportedOperationException("internal realms should not support blocking calls!!"); - } - - public final User lookupUser(String username) { - throw new UnsupportedOperationException("internal realms should not support blocking calls!"); - } } diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java index a9fd5ce4eaf..9027a51e511 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java @@ -172,7 +172,7 @@ public class AuthenticationServiceTests extends ESTestCase { assertThat(result.getUser(), is(user)); verify(auditTrail).authenticationSuccess(secondRealm.name(), user, "_action", message); verifyNoMoreInteractions(auditTrail); - verify(firstRealm, never()).authenticate(token); + verify(firstRealm, never()).authenticate(eq(token), any(ActionListener.class)); assertThreadContextContainsAuthentication(result); } @@ -600,9 +600,9 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, new User("lookup user", new String[]{"user"})); + mockRealmLookupReturnsNull(firstRealm, "run_as"); doThrow(authenticationError("realm doesn't want to lookup")) .when(secondRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(secondRealm.userLookupSupported()).thenReturn(true); try { authenticateBlocking("_action", message, null); @@ -619,9 +619,9 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, new User("lookup user", new String[]{"user"})); + mockRealmLookupReturnsNull(firstRealm, "run_as"); doThrow(authenticationError("realm doesn't want to " + "lookup")) .when(secondRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(secondRealm.userLookupSupported()).thenReturn(true); try { authenticateBlocking(restRequest); @@ -640,12 +640,12 @@ public class AuthenticationServiceTests extends ESTestCase { final User user = new User("lookup user", new String[]{"user"}, "lookup user", "lookup@foo.foo", Collections.singletonMap("foo", "bar"), true); mockAuthenticate(secondRealm, token, user); + mockRealmLookupReturnsNull(firstRealm, "run_as"); doAnswer((i) -> { ActionListener listener = (ActionListener) i.getArguments()[1]; listener.onResponse(new User("looked up user", new String[]{"some role"})); return null; }).when(secondRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(secondRealm.userLookupSupported()).thenReturn(true); Authentication result; if (randomBoolean()) { @@ -676,13 +676,11 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, new User("lookup user", new String[]{"user"})); - when(firstRealm.userLookupSupported()).thenReturn(true); doAnswer((i) -> { ActionListener listener = (ActionListener) i.getArguments()[1]; listener.onResponse(new User("looked up user", new String[]{"some role"})); return null; }).when(firstRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(firstRealm.userLookupSupported()).thenReturn(true); Authentication result; if (randomBoolean()) { @@ -709,7 +707,6 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, user); - when(secondRealm.userLookupSupported()).thenReturn(true); try { authenticateBlocking(restRequest); @@ -727,7 +724,6 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, user); - when(secondRealm.userLookupSupported()).thenReturn(true); try { authenticateBlocking("_action", message, null); @@ -744,12 +740,12 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, new User("lookup user", new String[]{"user"})); + mockRealmLookupReturnsNull(firstRealm, "run_as"); doAnswer((i) -> { ActionListener listener = (ActionListener) i.getArguments()[1]; listener.onResponse(new User("looked up user", new String[]{"some role"}, null, null, null, false)); return null; }).when(secondRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(secondRealm.userLookupSupported()).thenReturn(true); User fallback = randomBoolean() ? SystemUser.INSTANCE : null; ElasticsearchSecurityException e = expectThrows(ElasticsearchSecurityException.class, () -> authenticateBlocking("_action", message, fallback)); @@ -764,12 +760,12 @@ public class AuthenticationServiceTests extends ESTestCase { when(secondRealm.token(threadContext)).thenReturn(token); when(secondRealm.supports(token)).thenReturn(true); mockAuthenticate(secondRealm, token, new User("lookup user", new String[]{"user"})); + mockRealmLookupReturnsNull(firstRealm, "run_as"); doAnswer((i) -> { ActionListener listener = (ActionListener) i.getArguments()[1]; listener.onResponse(new User("looked up user", new String[]{"some role"}, null, null, null, false)); return null; }).when(secondRealm).lookupUser(eq("run_as"), any(ActionListener.class)); - when(secondRealm.userLookupSupported()).thenReturn(true); ElasticsearchSecurityException e = expectThrows(ElasticsearchSecurityException.class, () -> authenticateBlocking(restRequest)); @@ -816,6 +812,14 @@ public class AuthenticationServiceTests extends ESTestCase { return future.actionGet(); } + private static void mockRealmLookupReturnsNull(Realm realm, String username) { + doAnswer((i) -> { + ActionListener listener = (ActionListener) i.getArguments()[1]; + listener.onResponse(null); + return null; + }).when(realm).lookupUser(eq(username), any(ActionListener.class)); + } + static class TestRealms extends Realms { TestRealms(Settings settings, Environment env, Map factories, XPackLicenseState licenseState, diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java index ad1ab5b059b..8329d98faa0 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.authc; +import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; @@ -433,18 +434,13 @@ public class RealmsTests extends ESTestCase { } @Override - public User authenticate(AuthenticationToken token) { - return null; + public void authenticate(AuthenticationToken token, ActionListener listener) { + listener.onResponse(null); } @Override - public User lookupUser(String username) { - return null; - } - - @Override - public boolean userLookupSupported() { - return false; + public void lookupUser(String username, ActionListener listener) { + listener.onResponse(null); } } } diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java index 46ea8457250..771f5874765 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java @@ -58,11 +58,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { protected void doLookupUser(String username, ActionListener listener) { listener.onFailure(new UnsupportedOperationException("this method should not be called")); } - - @Override - public boolean userLookupSupported() { - return false; - } }; assertThat(realm.hasher, sameInstance(Hasher.resolve(hashAlgo))); @@ -213,26 +208,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { assertThat(e.getMessage() , containsString("lookup exception")); } - public void testThatLookupIsNotCalledIfNotSupported() throws Exception { - LookupNotSupportedRealm realm = new LookupNotSupportedRealm(globalSettings); - assertThat(realm.userLookupSupported(), is(false)); - PlainActionFuture future = new PlainActionFuture<>(); - realm.lookupUser("a", future); - User user = future.actionGet(); - assertThat(user, is(nullValue())); - assertThat(realm.lookupInvocationCounter.intValue(), is(0)); - - // try to lookup more - future = new PlainActionFuture<>(); - realm.lookupUser("b", future); - future.actionGet(); - future = new PlainActionFuture<>(); - realm.lookupUser("c", future); - future.actionGet(); - - assertThat(realm.lookupInvocationCounter.intValue(), is(0)); - } - public void testCacheConcurrency() throws Exception { final String username = "username"; final SecuredString password = new SecuredString("changeme".toCharArray()); @@ -255,11 +230,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { protected void doLookupUser(String username, ActionListener listener) { listener.onFailure(new UnsupportedOperationException("this method should not be called")); } - - @Override - public boolean userLookupSupported() { - return false; - } }; final CountDownLatch latch = new CountDownLatch(1); @@ -317,11 +287,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { protected void doLookupUser(String username, ActionListener listener) { listener.onResponse(new User(username, new String[]{"r1", "r2", "r3"})); } - - @Override - public boolean userLookupSupported() { - return true; - } }; final CountDownLatch latch = new CountDownLatch(1); @@ -366,11 +331,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { super("failing", new RealmConfig("failing-test", settings, global)); } - @Override - public boolean userLookupSupported() { - return true; - } - @Override protected void doAuthenticate(UsernamePasswordToken token, ActionListener listener) { listener.onResponse(null); @@ -397,11 +357,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { protected void doLookupUser(String username, ActionListener listener) { listener.onFailure(new RuntimeException("lookup exception")); } - - @Override - public boolean userLookupSupported() { - return true; - } } static class AlwaysAuthenticateCachingRealm extends CachingUsernamePasswordRealm { @@ -424,11 +379,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { lookupInvocationCounter.incrementAndGet(); listener.onResponse(new User(username, new String[] { "lookupRole1", "lookupRole2" })); } - - @Override - public boolean userLookupSupported() { - return true; - } } static class LookupNotSupportedRealm extends CachingUsernamePasswordRealm { @@ -451,10 +401,5 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase { lookupInvocationCounter.incrementAndGet(); listener.onFailure(new UnsupportedOperationException("don't call lookup if lookup isn't supported!!!")); } - - @Override - public boolean userLookupSupported() { - return false; - } } } diff --git a/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java b/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java index aee93517fdd..a8aae73f733 100644 --- a/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java +++ b/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.example.realm; +import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.xpack.security.authc.AuthenticationToken; @@ -46,22 +47,18 @@ public class CustomRealm extends Realm { } @Override - public User authenticate(AuthenticationToken authToken) { + public void authenticate(AuthenticationToken authToken, ActionListener listener) { UsernamePasswordToken token = (UsernamePasswordToken)authToken; final String actualUser = token.principal(); if (KNOWN_USER.equals(actualUser) && SecuredString.constantTimeEquals(token.credentials(), KNOWN_PW)) { - return new User(actualUser, ROLES); + listener.onResponse(new User(actualUser, ROLES)); + } else { + listener.onResponse(null); } - return null; } @Override - public User lookupUser(String username) { - return null; - } - - @Override - public boolean userLookupSupported() { - return false; + public void lookupUser(String username, ActionListener listener) { + listener.onResponse(null); } } diff --git a/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java b/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java index f809a3f14bb..fabb004d79f 100644 --- a/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java +++ b/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.example.realm; +import org.elasticsearch.action.support.PlainActionFuture; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.xpack.security.authc.RealmConfig; @@ -22,7 +23,9 @@ public class CustomRealmTests extends ESTestCase { CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings)); SecuredString password = new SecuredString(CustomRealm.KNOWN_PW.toCharArray()); UsernamePasswordToken token = new UsernamePasswordToken(CustomRealm.KNOWN_USER, password); - User user = realm.authenticate(token); + PlainActionFuture plainActionFuture = new PlainActionFuture<>(); + realm.authenticate(token, plainActionFuture); + User user = plainActionFuture.actionGet(); assertThat(user, notNullValue()); assertThat(user.roles(), equalTo(CustomRealm.ROLES)); assertThat(user.principal(), equalTo(CustomRealm.KNOWN_USER)); @@ -33,7 +36,8 @@ public class CustomRealmTests extends ESTestCase { CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings)); SecuredString password = new SecuredString(CustomRealm.KNOWN_PW.toCharArray()); UsernamePasswordToken token = new UsernamePasswordToken(CustomRealm.KNOWN_USER + "1", password); - User user = realm.authenticate(token); - assertThat(user, nullValue()); + PlainActionFuture plainActionFuture = new PlainActionFuture<>(); + realm.authenticate(token, plainActionFuture); + assertThat(plainActionFuture.actionGet(), nullValue()); } }