security: always serialize the version with the user
This change always serializes the version with the user so that we have this information for times when we need to make changes and deal with serialization changes. We do this in the authentication service because the user object is also serialized as part of the get users response and the StreamInput there will have the appropriate version set on it already and we do not need to add it in that case. Closes elastic/elasticsearch#1747 Original commit: elastic/x-pack-elasticsearch@a7ceece09c
This commit is contained in:
parent
d939289825
commit
c5d155efe9
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.shield.authc;
|
||||
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.common.Base64;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
|
@ -224,6 +225,8 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
try {
|
||||
byte[] bytes = Base64.decode(text);
|
||||
StreamInput input = StreamInput.wrap(bytes);
|
||||
Version version = Version.readVersion(input);
|
||||
input.setVersion(version);
|
||||
return User.readFrom(input);
|
||||
} catch (IOException ioe) {
|
||||
throw authenticationError("could not read authenticated user", ioe);
|
||||
|
@ -233,6 +236,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
static String encodeUser(User user, ESLogger logger) {
|
||||
try {
|
||||
BytesStreamOutput output = new BytesStreamOutput();
|
||||
Version.writeVersion(Version.CURRENT, output);
|
||||
User.writeTo(user, output);
|
||||
byte[] bytes = output.bytes().toBytes();
|
||||
return Base64.encodeBytes(bytes);
|
||||
|
|
|
@ -7,6 +7,8 @@ package org.elasticsearch.shield.authc;
|
|||
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.common.Base64;
|
||||
import org.elasticsearch.common.io.stream.BytesStreamOutput;
|
||||
import org.elasticsearch.common.io.stream.StreamInput;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
|
@ -750,6 +752,15 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
public void testVersionWrittenWithUser() throws Exception {
|
||||
User user = new User("username", "r1", "r2", "r3");
|
||||
String text = InternalAuthenticationService.encodeUser(user, null);
|
||||
|
||||
StreamInput input = StreamInput.wrap(Base64.decode(text));
|
||||
Version version = Version.readVersion(input);
|
||||
assertThat(version, is(Version.CURRENT));
|
||||
}
|
||||
|
||||
private static class InternalMessage extends TransportMessage {
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue