diff --git a/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java b/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java index b869a08d2b7..a54102360ec 100644 --- a/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java +++ b/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java @@ -38,11 +38,10 @@ public class IndexAuditIT extends ESIntegTestCase { @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2354") public void testShieldIndexAuditTrailWorking() throws Exception { - try (Response response = getRestClient().performRequest("GET", "/", + Response response = getRestClient().performRequest("GET", "/", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, - UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(200)); final AtomicReference lastClusterState = new AtomicReference<>(); final AtomicBoolean indexExists = new AtomicBoolean(false); boolean found = awaitBusy(() -> { diff --git a/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java b/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java index 1780052b191..5864fcb364a 100644 --- a/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java +++ b/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java 
@@ -58,11 +58,10 @@ public class CustomRealmIT extends ESIntegTestCase { } public void testHttpAuthentication() throws Exception { - try (Response response = getRestClient().performRequest("GET", "/", + Response response = getRestClient().performRequest("GET", "/", new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER), - new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW)); + assertThat(response.getStatusLine().getStatusCode(), is(200)); } public void testTransportClient() throws Exception { diff --git a/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java index 18f41655e4f..54b9cf28c8c 100644 --- a/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java +++ b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java @@ -8,8 +8,6 @@ package org.elasticsearch.smoketest; import com.carrotsearch.randomizedtesting.annotations.Name; import org.elasticsearch.test.rest.RestTestCandidate; -import java.io.IOException; - import static org.hamcrest.Matchers.containsString; public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT { 
@@ -18,10 +16,10 @@ public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT { super(testCandidate); } - public void test() throws IOException { + public void test() throws Exception { try { super.test(); - fail(); + fail("should have failed because of missing role"); } catch(AssertionError ae) { assertThat(ae.getMessage(), containsString("action [indices:data/read/xpack/graph/explore")); assertThat(ae.getMessage(), containsString("returned [403 Forbidden]")); diff --git a/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java index 037941611bf..1334c2b4de7 100644 --- a/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java +++ b/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java @@ -47,7 +47,7 @@ public class MonitoringWithSecurityInsufficientRoleIT extends ESRestTestCase { } @Override - public void test() throws IOException { + public void test() throws Exception { try { super.test(); fail("should have failed because of missing role"); diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java index 08f98a20822..66eba0a5467 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java 
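Review bot: The `fail("should have failed because of missing role")` call sits inside the same `try` whose `catch(AssertionError ae)` handles the expected denial, so the AssertionError it raises is caught there and the new message is never reported directly. The test still fails in that case, but only through the `containsString("action [indices:data/read/xpack/graph/explore")` check, whose mismatch output hides the fact that the request was authorized when it should have been rejected. Declare `boolean denied = false;` before the `try`, set it to true in the catch block, and finish the method with `assertTrue("should have failed because of missing role", denied);`. The same structure is visible in the MonitoringWithSecurityInsufficientRoleIT hunk that follows; the catch block itself continues outside this hunk.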
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java @@ -15,14 +15,13 @@ import org.elasticsearch.xpack.monitoring.MonitoringSettings; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import java.util.Collections; import java.util.Map; import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.nullValue; public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { 
@@ -52,22 +51,20 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { } else { headers = new Header[0]; } - try (Response response = getRestClient().performRequest("GET", "/_nodes/settings", - Collections.emptyMap(), null, headers)) { - Map responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map(); + Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers); + Map responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map(); + @SuppressWarnings("unchecked") + Map nodes = (Map) responseMap.get("nodes"); + for (Object node : nodes.values()) { @SuppressWarnings("unchecked") - Map nodes = (Map) responseMap.get("nodes"); - for (Object node : nodes.values()) { - @SuppressWarnings("unchecked") - Map settings = (Map) ((Map) node).get("settings"); - assertThat(extractValue("xpack.monitoring.collection.exporters._http.type", settings), equalTo("http")); - assertThat(extractValue("xpack.monitoring.collection.exporters._http.enabled", settings), equalTo("false")); - assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.username"); - assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.password"); - assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.path"); - assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.password"); - assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification"); - } + Map settings = (Map) ((Map) node).get("settings"); + assertThat(extractValue("xpack.monitoring.collection.exporters._http.type", settings), equalTo("http")); + assertThat(extractValue("xpack.monitoring.collection.exporters._http.enabled", settings), equalTo("false")); + assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.auth.username"); + assertNullSetting(settings, 
"xpack.monitoring.collection.exporters._http.auth.password"); + assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.path"); + assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.truststore.password"); + assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification"); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java index 01fc9f06b36..9ab583bcbb0 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java @@ -18,7 +18,6 @@ import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import java.io.IOException; import java.util.HashMap; import java.util.Locale; import java.util.Map; 
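Review bot: The `for (Object node : nodes.values())` loop is the only place the filtered settings are checked, so a `_nodes/settings` response with an empty `nodes` map lets the test pass without verifying that `auth.password` or `ssl.truststore.password` are hidden. Add `assertFalse(nodes.isEmpty());` before the loop so an empty response fails the test instead of passing vacuously. The parser returned by `createParser(...)` is also not closed anywhere in the hunk now that the surrounding try-with-resources is gone; giving it its own try-with-resources would keep that explicit. The enclosing method begins outside the hunk.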
@@ -35,35 +34,34 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase { protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray()))); protected void assertAccessIsAllowed(String user, String method, String uri, String body, - Map params) throws IOException { - try (Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body), + Map params) throws Exception { + Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body), new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, - UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))))) { - StatusLine statusLine = response.getStatusLine(); - String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri, - statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity())); - assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400)))); - } + UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray())))); + StatusLine statusLine = response.getStatusLine(); + String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri, + statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity())); + assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400)))); } - protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException { + protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws Exception { assertAccessIsAllowed(user, method, uri, body, new HashMap<>()); } - protected void assertAccessIsAllowed(String user, String method, String uri) throws IOException { + protected void assertAccessIsAllowed(String user, String 
method, String uri) throws Exception { assertAccessIsAllowed(user, method, uri, null, new HashMap<>()); } - protected void assertAccessIsDenied(String user, String method, String uri, String body) throws IOException { + protected void assertAccessIsDenied(String user, String method, String uri, String body) throws Exception { assertAccessIsDenied(user, method, uri, body, new HashMap<>()); } - protected void assertAccessIsDenied(String user, String method, String uri) throws IOException { + protected void assertAccessIsDenied(String user, String method, String uri) throws Exception { assertAccessIsDenied(user, method, uri, null, new HashMap<>()); } protected void assertAccessIsDenied(String user, String method, String uri, String body, - Map params) throws IOException { + Map params) throws Exception { try { getRestClient().performRequest(method, uri, params, entityOrNull(body), new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, @@ -72,7 +70,7 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase { } catch(ResponseException e) { StatusLine statusLine = e.getResponse().getStatusLine(); String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body, - statusLine.getStatusCode(), statusLine.getReasonPhrase(), e.getResponseBody()); + statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(e.getResponse().getEntity())); assertThat(message, statusLine.getStatusCode(), is(403)); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java index 2c8f083af27..40f4f5569b9 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java 
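Review bot: `EntityUtils.toString(response.getEntity())` in `assertAccessIsAllowed` is evaluated eagerly to build the failure message, and `EntityUtils.toString` rejects a null entity. If a privilege check is ever made with a request whose response has no body (a HEAD request, for instance), the helper would fail with an IllegalArgumentException rather than on the status code. The `@@ -72,7 +70,7 @@` hunk introduces the same call in `assertAccessIsDenied` through `EntityUtils.toString(e.getResponse().getEntity())`, where it would mask the 403 assertion. Guard both with something like `HttpEntity entity = response.getEntity();` followed by `String bodyText = entity == null ? "" : EntityUtils.toString(entity);`, so the authorization outcome is always what decides the test.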
@@ -16,14 +16,13 @@ import org.elasticsearch.client.Response; import org.elasticsearch.client.RestClient; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.xpack.security.Security; -import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.security.Security; +import org.elasticsearch.xpack.security.authc.support.SecuredString; +import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import java.io.IOException; import java.util.Collections; import static org.hamcrest.Matchers.containsString; 
@@ -73,21 +72,19 @@ public class BulkUpdateTests extends SecurityIntegTestCase { assertThat(getResponse.getField("bulk updated").getValue(), equalTo("bulk updated")); } - public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException { + public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws Exception { final String path = "/index1/type/1"; final Header basicAuthHeader = new BasicHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))); StringEntity body = new StringEntity("{\"test\":\"test\"}", RestClient.JSON_CONTENT_TYPE); - try (Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader)) { - assertThat(response.getStatusLine().getStatusCode(), equalTo(201)); - } + Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader); + assertThat(response.getStatusLine().getStatusCode(), equalTo(201)); - try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { - assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\"")); - } + response = getRestClient().performRequest("GET", path, basicAuthHeader); + assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); + assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\"")); if (randomBoolean()) { flushAndRefresh(); 
@@ -95,17 +92,14 @@ public class BulkUpdateTests extends SecurityIntegTestCase { //update with new field body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", RestClient.JSON_CONTENT_TYPE); - try (Response response = getRestClient().performRequest("POST", path + "/_update", - Collections.emptyMap(), body, basicAuthHeader)) { - assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - } + response = getRestClient().performRequest("POST", path + "/_update", Collections.emptyMap(), body, basicAuthHeader); + assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { - assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - String responseBody = EntityUtils.toString(response.getEntity()); - assertThat(responseBody, containsString("\"test\":\"test\"")); - assertThat(responseBody, containsString("\"not test\":\"not test\"")); - } + response = getRestClient().performRequest("GET", path, basicAuthHeader); + assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); + String responseBody = EntityUtils.toString(response.getEntity()); + assertThat(responseBody, containsString("\"test\":\"test\"")); + assertThat(responseBody, containsString("\"not test\":\"not test\"")); // this part is important. Without this, the document may be read from the translog which would bypass the bug where // FLS kicks in because the request can't be found and only returns meta fields 
@@ -113,16 +107,13 @@ public class BulkUpdateTests extends SecurityIntegTestCase { body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" + "{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", RestClient.JSON_CONTENT_TYPE); - try (Response response = getRestClient().performRequest("POST", "/_bulk", - Collections.emptyMap(), body, basicAuthHeader)) { - assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - } + response = getRestClient().performRequest("POST", "/_bulk", Collections.emptyMap(), body, basicAuthHeader); + assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); - try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { - String responseBody = EntityUtils.toString(response.getEntity()); - assertThat(responseBody, containsString("\"test\":\"test\"")); - assertThat(responseBody, containsString("\"not test\":\"not test\"")); - assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\"")); - } + response = getRestClient().performRequest("GET", path, basicAuthHeader); + responseBody = EntityUtils.toString(response.getEntity()); + assertThat(responseBody, containsString("\"test\":\"test\"")); + assertThat(responseBody, containsString("\"not test\":\"not test\"")); + assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\"")); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java index 6909db4b6a5..8b2313d3195 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java 
@@ -162,13 +162,12 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase { } static void executeHttpRequest(String path, Map params) throws Exception { - try (Response response = getRestClient().performRequest("POST", path, params, + Response response = getRestClient().performRequest("POST", path, params, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertNotNull(response.getEntity()); - assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name")); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertNotNull(response.getEntity()); + assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name")); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java index 022ca6d4d07..1c3a9b5e6d5 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java 
@@ -137,12 +137,11 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { } else { path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache"; } - try (Response response = getRestClient().performRequest("POST", path, + Response response = getRestClient().performRequest("POST", path, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus())); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus())); } else { securityClient.prepareClearRolesCache().names(rolesToClear).get(); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java index f9f33bde1ca..a6a2a6556f5 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java 
@@ -169,10 +169,9 @@ public class LicensingTests extends SecurityIntegTestCase { } public void testRestAuthenticationByLicenseType() throws Exception { - try (Response response = getRestClient().performRequest("GET", "/")) { - // the default of the licensing tests is basic - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + Response response = getRestClient().performRequest("GET", "/"); + // the default of the licensing tests is basic + assertThat(response.getStatusLine().getStatusCode(), is(200)); // generate a new license with a mode that enables auth OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java index 2f400a12447..3dfd85b6388 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java @@ -14,8 +14,6 @@ import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import java.io.IOException; - import static org.elasticsearch.rest.RestStatus.OK; import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; @@ -31,7 +29,7 @@ public class SecurityPluginTests extends SecurityIntegTestCase { .build(); } - public void testThatPluginIsLoaded() throws IOException { + public void testThatPluginIsLoaded() throws Exception { try { logger.info("executing unauthorized request to /_xpack info"); getRestClient().performRequest("GET", "/_xpack"); 
@@ -41,11 +39,10 @@ public class SecurityPluginTests extends SecurityIntegTestCase { } logger.info("executing authorized request to /_xpack infos"); - try (Response response = getRestClient().performRequest("GET", "/_xpack", + Response response = getRestClient().performRequest("GET", "/_xpack", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus())); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus())); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java index f14992f5751..1e98c6d22de 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java 
@@ -140,13 +140,12 @@ public class RunAsIntegTests extends SecurityIntegTestCase { } // but when running as a different user it should work - try (Response response = getRestClient().performRequest("GET", "/_nodes", + Response response = getRestClient().performRequest("GET", "/_nodes", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER, SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))), - new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)); + assertThat(response.getStatusLine().getStatusCode(), is(200)); } public void testEmptyUserImpersonationHeader() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java index baff71c54a0..cb3fe76f1b4 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java 
@@ -5,12 +5,11 @@ */ package org.elasticsearch.xpack.security.authc.pki; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.message.BasicHeader; +import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; import org.elasticsearch.client.Response; import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.RestClient; -import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback; import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; @@ -79,8 +78,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase { } public void testRestClientWithoutClientCertificate() throws Exception { - SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext()); - try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) { + SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(getSSLContext()); + try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) { try { restClient.performRequest("GET", "_nodes"); fail("request should have failed"); 
@@ -88,12 +87,11 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase { assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); } - try (Response response = restClient.performRequest("GET", "_nodes", + Response response = restClient.performRequest("GET", "_nodes", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(200)); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java index bfa82ffadb7..064b6c6b7ed 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java @@ -6,12 +6,11 @@ package org.elasticsearch.xpack.security.authc.pki; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.message.BasicHeader; +import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; import org.elasticsearch.client.Client; import org.elasticsearch.client.Response; import org.elasticsearch.client.RestClient; -import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; 
@@ -78,14 +77,13 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase { public void testThatHttpWorks() throws Exception { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new SecureRandom()); - SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sc); - try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) { - try (Response response = restClient.performRequest("GET", "/_nodes", + SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc); + try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) { + Response response = restClient.performRequest("GET", "/_nodes", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(200)); } } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java index b1c691ecc35..375acafc2cf 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java 
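Review bot: The new `SSLIOSessionStrategy(sc)` is built from a context initialised with `trustAllCerts`, and nothing in the hunk says this is deliberate. Judging by its name, that trust manager accepts any server certificate, though its definition is outside the hunk. A short comment above `sc.init(...)`, for example `// test only: trust every certificate; this test checks that HTTPS works without client authentication`, would keep the pattern from being copied into non-test code. The context line `SSLContext.getInstance("SSL")` could also request `"TLS"` so the test does not name the legacy protocol family.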
@@ -41,11 +41,10 @@ public class PkiWithoutSSLTests extends SecurityIntegTestCase { } public void testThatHttpWorks() throws Exception { - try (Response response = getRestClient().performRequest("GET", "/_nodes", + Response response = getRestClient().performRequest("GET", "/_nodes", new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } + new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); + assertThat(response.getStatusLine().getStatusCode(), is(200)); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java index b48fec3e5f8..358c0a2894a 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java 
@@ -52,23 +52,22 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
 }
 public void testAuthenticateApi() throws Exception {
- try (Response response = getRestClient().performRequest(
- "GET", "/_xpack/security/_authenticate",
+ Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
 new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
- new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
- assertThat(response.getStatusLine().getStatusCode(), is(200));
- ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
- EntityUtils.toString(response.getEntity()));
- assertThat(objectPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
- @SuppressWarnings("unchecked")
- List roles = (List) objectPath.evaluate("roles");
- assertThat(roles.size(), is(1));
- assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
- }
+ new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
+ assertThat(response.getStatusLine().getStatusCode(), is(200));
+ ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
+ EntityUtils.toString(response.getEntity()));
+ assertThat(objectPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
+ @SuppressWarnings("unchecked")
+ List roles = (List) objectPath.evaluate("roles");
+ assertThat(roles.size(), is(1));
+ assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
 }
 public void testAuthenticateApiWithoutAuthentication() throws Exception {
- try (Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate")) {
+ try {
+ Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate");
 if (anonymousEnabled) {
 assertThat(response.getStatusLine().getStatusCode(), is(200));
ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
index 149b49ec30b..85deab44378 100644
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
@@ -6,14 +6,14 @@
 package org.elasticsearch.xpack.security.transport.ssl;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.ExceptionsHelper;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.RestClient;
-import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
 import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
@@ -28,14 +28,15 @@ import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerT
 import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import javax.net.ssl.SSLHandshakeException;
-import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.cert.CertPathBuilderException;
 import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.instanceOf;
 public class SslClientAuthTests extends SecurityIntegTestCase {
 @Override
@@ -56,32 +57,29 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
 return true;
 }
- public void testThatHttpFailsWithoutSslClientAuth() throws IOException {
- SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
- SSLContexts.createDefault(),
- NoopHostnameVerifier.INSTANCE);
- try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) {
+ public void testThatHttpFailsWithoutSslClientAuth() throws Exception {
+ SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(SSLContexts.createDefault(), NoopHostnameVerifier.INSTANCE);
+ try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
 restClient.performRequest("GET", "/");
 fail("Expected SSLHandshakeException");
 } catch (SSLHandshakeException e) {
- assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target"));
+ Throwable t = ExceptionsHelper.unwrap(e, CertPathBuilderException.class);
+ assertThat(t, instanceOf(CertPathBuilderException.class));
+ assertThat(t.getMessage(), containsString("unable to find valid certification path to requested target"));
 }
 }
- public void testThatHttpWorksWithSslClientAuth() throws IOException {
+ public void testThatHttpWorksWithSslClientAuth() throws Exception {
 Settings settings = Settings.builder()
 .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient"))
 .build();
 ClientSSLService sslService = new ClientSSLService(settings, new Global(settings));
- SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
- sslService.sslContext(),
- NoopHostnameVerifier.INSTANCE);
- try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) {
- try (Response response = restClient.performRequest("GET", "/",
- new BasicHeader("Authorization",
basicAuthHeaderValue(transportClientUsername(), transportClientPassword())))) {
- assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
- assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
- }
+ SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslService.sslContext(), NoopHostnameVerifier.INSTANCE);
+ try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
+ Response response = restClient.performRequest("GET", "/",
+ new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())));
+ assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
+ assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
 }
 }
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
index 85f72ef525d..7a1563f5afa 100644
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
@@ -5,6 +5,7 @@
 */
 package org.elasticsearch.xpack.security.user;
+import org.apache.http.util.EntityUtils;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.ResponseException;
 import org.elasticsearch.common.network.NetworkModule;
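Review bot: In `SslClientAuthTests.testThatHttpFailsWithoutSslClientAuth`, the new assertions pin the failure to a `CertPathBuilderException` carrying "unable to find valid certification path to requested target", which is what a client reports when it cannot validate the server's certificate. The test therefore appears to pass because `SSLContexts.createDefault()` does not trust the test server, not because the server refused a client that presented no certificate, and it would probably keep passing if the server stopped requiring client authentication. To test what the method name says, build the client context from the test trust material but without a client key and assert that the handshake is then rejected. Until that is done, a comment such as `// NOTE: fails on the client's trust check of the server certificate, not on the missing client certificate` would stop readers from over-trusting this test.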
@@ -49,12 +50,12 @@ public class AnonymousUserIntegTests extends SecurityIntegTestCase {
 if (authorizationExceptionsEnabled) {
 assertThat(statusCode, is(403));
 assertThat(response.getHeader("WWW-Authenticate"), nullValue());
- assertThat(e.getResponseBody(), containsString("security_exception"));
+ assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
 } else {
 assertThat(statusCode, is(401));
 assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
 assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
- assertThat(e.getResponseBody(), containsString("security_exception"));
+ assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
 }
 }
 }
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
index bce92636f85..845f6d2ada3 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
@@ -20,7 +20,6 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
 import org.junit.After;
 import java.io.IOException;
-import java.util.Collections;
 import java.util.Map;
 import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
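Review bot: In `AnonymousUserIntegTests`, both branches of `if (authorizationExceptionsEnabled)` now end with the identical line `assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));`, so the body check can be written once after the `if`/`else`. That leaves the 403 and 401 branches holding only what differs between them, the status code and the `WWW-Authenticate` expectations. The enclosing method starts outside the hunk, so where `response` comes from is not visible here.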
@@ -58,17 +57,15 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
 } else {
 headers = new Header[0];
 }
- try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
- Collections.emptyMap(), null, headers)) {
- Map responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
- Map nodes = (Map) responseMap.get("nodes");
- for (Object node : nodes.values()) {
- Map settings = (Map) ((Map) node).get("settings");
- assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
- is((Object) "_user"));
- assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
- nullValue());
- }
+ Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers);
+ Map responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
+ Map nodes = (Map) responseMap.get("nodes");
+ for (Object node : nodes.values()) {
+ Map settings = (Map) ((Map) node).get("settings");
+ assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
+ is((Object) "_user"));
+ assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
+ nullValue());
 }
 }
 }
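Review bot: In `WatcherSettingsFilterTests`, the `smtp.password` assertion only runs inside `for (Object node : nodes.values())`, so a response whose `nodes` map is empty would let this secret-filtering test pass without checking anything. Add `assertThat(nodes.isEmpty(), is(false));` before the loop so a change in the response shape cannot silently turn the check into a no-op. The parser returned by `JsonXContent.jsonXContent.createParser(...)` is also never closed; if the parser type is closeable in this version, its own try-with-resources would be tidier. The method begins outside the hunk.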