security: always serialize the version with the user

This change always serializes the version with the user so that the version is available
when the serialization format needs to change. We do this in the authentication service
because the user object is also serialized as part of the get users response, where the
StreamInput already has the appropriate version set on it, so we do not need to add the
version in that case.

Closes elastic/elasticsearch#1747

Original commit: elastic/x-pack-elasticsearch@a7ceece09c
jaymode 2016-03-21 06:39:38 -04:00
parent d939289825
commit c5d155efe9
2 changed files with 15 additions and 0 deletions


@ -6,6 +6,7 @@
package org.elasticsearch.shield.authc;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.Version;
import org.elasticsearch.common.Base64;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.component.AbstractComponent;
@ -224,6 +225,8 @@ public class InternalAuthenticationService extends AbstractComponent implements
try {
byte[] bytes = Base64.decode(text);
StreamInput input = StreamInput.wrap(bytes);
Version version = Version.readVersion(input);
input.setVersion(version);
return User.readFrom(input);
} catch (IOException ioe) {
throw authenticationError("could not read authenticated user", ioe);
@ -233,6 +236,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
static String encodeUser(User user, ESLogger logger) {
try {
BytesStreamOutput output = new BytesStreamOutput();
Version.writeVersion(Version.CURRENT, output);
User.writeTo(user, output);
byte[] bytes = output.bytes().toBytes();
return Base64.encodeBytes(bytes);
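Review bot: In the decode hunk, `Version.readVersion(input)` followed by `input.setVersion(version)` takes the stream version from the same Base64 payload it is about to deserialize, so that version is only as trustworthy as `text` itself. The enclosing method starts outside the hunk, so it is not visible whether the header has been integrity-checked before this point; a comment above the read such as `// text must already be verified: the version prefix comes from the payload and selects how User.readFrom parses it` would record that precondition. It would also help to decide explicitly what happens for a version this node cannot read, for example a guard on `version.after(Version.CURRENT)` that fails through the existing authentication-error path instead of handing an unknown version to `User.readFrom`. A payload encoded before this change carries no prefix, so its leading user bytes would presumably be consumed as a version id; if such payloads can still arrive (mixed-version nodes, for instance), that case deserves handling or at least a note.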


@ -7,6 +7,8 @@ package org.elasticsearch.shield.authc;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.Version;
import org.elasticsearch.common.Base64;
import org.elasticsearch.common.io.stream.BytesStreamOutput;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.settings.Settings;
@ -750,6 +752,15 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
public void testVersionWrittenWithUser() throws Exception {
User user = new User("username", "r1", "r2", "r3");
String text = InternalAuthenticationService.encodeUser(user, null);
StreamInput input = StreamInput.wrap(Base64.decode(text));
Version version = Version.readVersion(input);
assertThat(version, is(Version.CURRENT));
}
private static class InternalMessage extends TransportMessage {
}
}
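Review bot: `testVersionWrittenWithUser` checks only that the version prefix is written; it never feeds the encoded text back through the service's decode path, so the two lines added there (`Version.readVersion` and `input.setVersion`) are not exercised by this test. Continuing on the same stream would cover the round trip, e.g. `input.setVersion(version);` followed by `assertThat(User.readFrom(input), is(user));`, assuming `User` implements `equals`. Calling the service's own decode method on `text` would be better still, since that is the code that runs on a received header. A negative case with a payload that lacks the prefix or is truncated would pin down how decoding fails on malformed input.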