Merge pull request elastic/elasticsearch#2799 from javanna/feature/async_rest_client

Rest client: move to async client under the hood

Original commit: elastic/x-pack-elasticsearch@e185f46418
This commit is contained in:
Luca Cavanna 2016-07-22 22:36:12 +02:00 committed by GitHub
commit f480c05ae3
18 changed files with 127 additions and 155 deletions

View File

@ -38,11 +38,10 @@ public class IndexAuditIT extends ESIntegTestCase {
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2354") @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2354")
public void testShieldIndexAuditTrailWorking() throws Exception { public void testShieldIndexAuditTrailWorking() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/", Response response = getRestClient().performRequest("GET", "/",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) { UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
}
final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>(); final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
final AtomicBoolean indexExists = new AtomicBoolean(false); final AtomicBoolean indexExists = new AtomicBoolean(false);
boolean found = awaitBusy(() -> { boolean found = awaitBusy(() -> {

View File

@ -60,12 +60,11 @@ public class CustomRealmIT extends ESIntegTestCase {
} }
public void testHttpAuthentication() throws Exception { public void testHttpAuthentication() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/", Response response = getRestClient().performRequest("GET", "/",
new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER), new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER),
new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW))) { new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
} }
}
public void testTransportClient() throws Exception { public void testTransportClient() throws Exception {
NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().get(); NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().get();

View File

@ -21,7 +21,7 @@ public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT {
public void test() throws IOException { public void test() throws IOException {
try { try {
super.test(); super.test();
fail(); fail("should have failed because of missing role");
} catch(AssertionError ae) { } catch(AssertionError ae) {
assertThat(ae.getMessage(), containsString("action [indices:data/read/xpack/graph/explore")); assertThat(ae.getMessage(), containsString("action [indices:data/read/xpack/graph/explore"));
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]")); assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));

View File

@ -19,14 +19,13 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Map; import java.util.Map;
import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue; import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.nullValue;
public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
@ -63,8 +62,7 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
} else { } else {
headers = new Header[0]; headers = new Header[0];
} }
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings", Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers);
Collections.emptyMap(), null, headers)) {
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map(); Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes"); Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
@ -80,7 +78,6 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification"); assertNullSetting(settings, "xpack.monitoring.collection.exporters._http.ssl.hostname_verification");
} }
} }
}
private void assertNullSetting(Map<String, Object> settings, String setting) { private void assertNullSetting(Map<String, Object> settings, String setting) {
assertThat(extractValue(setting, settings), nullValue()); assertThat(extractValue(setting, settings), nullValue());

View File

@ -7,12 +7,12 @@ package org.elasticsearch.integration;
import org.apache.http.HttpEntity; import org.apache.http.HttpEntity;
import org.apache.http.StatusLine; import org.apache.http.StatusLine;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity; import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -36,15 +36,14 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
protected void assertAccessIsAllowed(String user, String method, String uri, String body, protected void assertAccessIsAllowed(String user, String method, String uri, String body,
Map<String, String> params) throws IOException { Map<String, String> params) throws IOException {
try (Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body), Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body),
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))))) { UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))));
StatusLine statusLine = response.getStatusLine(); StatusLine statusLine = response.getStatusLine();
String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri, String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity())); statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity()));
assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400)))); assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
} }
}
protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException { protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException {
assertAccessIsAllowed(user, method, uri, body, new HashMap<>()); assertAccessIsAllowed(user, method, uri, body, new HashMap<>());
@ -72,7 +71,7 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
} catch(ResponseException e) { } catch(ResponseException e) {
StatusLine statusLine = e.getResponse().getStatusLine(); StatusLine statusLine = e.getResponse().getStatusLine();
String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body, String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
statusLine.getStatusCode(), statusLine.getReasonPhrase(), e.getResponseBody()); statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(e.getResponse().getEntity()));
assertThat(message, statusLine.getStatusCode(), is(403)); assertThat(message, statusLine.getStatusCode(), is(403));
} }
} }
@ -80,7 +79,7 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
private static HttpEntity entityOrNull(String body) { private static HttpEntity entityOrNull(String body) {
HttpEntity entity = null; HttpEntity entity = null;
if (body != null) { if (body != null) {
entity = new StringEntity(body, RestClient.JSON_CONTENT_TYPE); entity = new StringEntity(body, ContentType.APPLICATION_JSON);
} }
return entity; return entity;
} }

View File

@ -6,6 +6,7 @@
package org.elasticsearch.integration; package org.elasticsearch.integration;
import org.apache.http.Header; import org.apache.http.Header;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity; import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
@ -13,15 +14,14 @@ import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.update.UpdateResponse; import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import java.io.IOException; import java.io.IOException;
import java.util.Collections; import java.util.Collections;
@ -79,50 +79,42 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))); new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
StringEntity body = new StringEntity("{\"test\":\"test\"}", RestClient.JSON_CONTENT_TYPE); StringEntity body = new StringEntity("{\"test\":\"test\"}", ContentType.APPLICATION_JSON);
try (Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader)) { Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader);
assertThat(response.getStatusLine().getStatusCode(), equalTo(201)); assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
}
try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { response = getRestClient().performRequest("GET", path, basicAuthHeader);
assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\"")); assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
}
if (randomBoolean()) { if (randomBoolean()) {
flushAndRefresh(); flushAndRefresh();
} }
//update with new field //update with new field
body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", RestClient.JSON_CONTENT_TYPE); body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", ContentType.APPLICATION_JSON);
try (Response response = getRestClient().performRequest("POST", path + "/_update", response = getRestClient().performRequest("POST", path + "/_update", Collections.emptyMap(), body, basicAuthHeader);
Collections.emptyMap(), body, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
}
try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { response = getRestClient().performRequest("GET", path, basicAuthHeader);
assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
String responseBody = EntityUtils.toString(response.getEntity()); String responseBody = EntityUtils.toString(response.getEntity());
assertThat(responseBody, containsString("\"test\":\"test\"")); assertThat(responseBody, containsString("\"test\":\"test\""));
assertThat(responseBody, containsString("\"not test\":\"not test\"")); assertThat(responseBody, containsString("\"not test\":\"not test\""));
}
// this part is important. Without this, the document may be read from the translog which would bypass the bug where // this part is important. Without this, the document may be read from the translog which would bypass the bug where
// FLS kicks in because the request can't be found and only returns meta fields // FLS kicks in because the request can't be found and only returns meta fields
flushAndRefresh(); flushAndRefresh();
body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" + body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", RestClient.JSON_CONTENT_TYPE); "{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", ContentType.APPLICATION_JSON);
try (Response response = getRestClient().performRequest("POST", "/_bulk", response = getRestClient().performRequest("POST", "/_bulk", Collections.emptyMap(), body, basicAuthHeader);
Collections.emptyMap(), body, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
}
try (Response response = getRestClient().performRequest("GET", path, basicAuthHeader)) { response = getRestClient().performRequest("GET", path, basicAuthHeader);
String responseBody = EntityUtils.toString(response.getEntity()); responseBody = EntityUtils.toString(response.getEntity());
assertThat(responseBody, containsString("\"test\":\"test\"")); assertThat(responseBody, containsString("\"test\":\"test\""));
assertThat(responseBody, containsString("\"not test\":\"not test\"")); assertThat(responseBody, containsString("\"not test\":\"not test\""));
assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\"")); assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
} }
}
} }

View File

@ -162,15 +162,14 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
} }
static void executeHttpRequest(String path, Map<String, String> params) throws Exception { static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
try (Response response = getRestClient().performRequest("POST", path, params, Response response = getRestClient().performRequest("POST", path, params,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertNotNull(response.getEntity()); assertNotNull(response.getEntity());
assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name")); assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
} }
} }
}
@Override @Override
public Settings nodeSettings(int nodeOrdinal) { public Settings nodeSettings(int nodeOrdinal) {

View File

@ -137,12 +137,11 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
} else { } else {
path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache"; path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache";
} }
try (Response response = getRestClient().performRequest("POST", path, Response response = getRestClient().performRequest("POST", path,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus())); assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus()));
}
} else { } else {
securityClient.prepareClearRolesCache().names(rolesToClear).get(); securityClient.prepareClearRolesCache().names(rolesToClear).get();
} }

View File

@ -185,10 +185,9 @@ public class LicensingTests extends SecurityIntegTestCase {
} }
public void testRestAuthenticationByLicenseType() throws Exception { public void testRestAuthenticationByLicenseType() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/")) { Response response = getRestClient().performRequest("GET", "/");
// the default of the licensing tests is basic // the default of the licensing tests is basic
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
}
// generate a new license with a mode that enables auth // generate a new license with a mode that enables auth
OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD); OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD);

View File

@ -41,11 +41,10 @@ public class SecurityPluginTests extends SecurityIntegTestCase {
} }
logger.info("executing authorized request to /_xpack infos"); logger.info("executing authorized request to /_xpack infos");
try (Response response = getRestClient().performRequest("GET", "/_xpack", Response response = getRestClient().performRequest("GET", "/_xpack",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus())); assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
} }
}
} }

View File

@ -140,14 +140,13 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
} }
// but when running as a different user it should work // but when running as a different user it should work
try (Response response = getRestClient().performRequest("GET", "/_nodes", Response response = getRestClient().performRequest("GET", "/_nodes",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))), SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
new BasicHeader(AuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME))) { new BasicHeader(AuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
} }
}
public void testEmptyUserImpersonationHeader() throws Exception { public void testEmptyUserImpersonationHeader() throws Exception {
try (TransportClient client = getTransportClient(Settings.builder() try (TransportClient client = getTransportClient(Settings.builder()

View File

@ -5,12 +5,11 @@
*/ */
package org.elasticsearch.xpack.security.authc.pki; package org.elasticsearch.xpack.security.authc.pki;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
@ -79,8 +78,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
} }
public void testRestClientWithoutClientCertificate() throws Exception { public void testRestClientWithoutClientCertificate() throws Exception {
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext()); SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(getSSLContext());
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) { try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
try { try {
restClient.performRequest("GET", "_nodes"); restClient.performRequest("GET", "_nodes");
fail("request should have failed"); fail("request should have failed");
@ -88,14 +87,13 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
} }
try (Response response = restClient.performRequest("GET", "_nodes", Response response = restClient.performRequest("GET", "_nodes",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
} }
} }
}
public void testTransportClientWithoutClientCertificate() { public void testTransportClientWithoutClientCertificate() {
Transport transport = internalCluster().getDataNodeInstance(Transport.class); Transport transport = internalCluster().getDataNodeInstance(Transport.class);

View File

@ -6,12 +6,11 @@
package org.elasticsearch.xpack.security.authc.pki; package org.elasticsearch.xpack.security.authc.pki;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.elasticsearch.client.Client; import org.elasticsearch.client.Client;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
@ -78,14 +77,13 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
public void testThatHttpWorks() throws Exception { public void testThatHttpWorks() throws Exception {
SSLContext sc = SSLContext.getInstance("SSL"); SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom()); sc.init(null, trustAllCerts, new SecureRandom());
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sc); SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc);
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) { try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
try (Response response = restClient.performRequest("GET", "/_nodes", Response response = restClient.performRequest("GET", "/_nodes",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
} }
} }
}
} }

View File

@ -41,11 +41,10 @@ public class PkiWithoutSSLTests extends SecurityIntegTestCase {
} }
public void testThatHttpWorks() throws Exception { public void testThatHttpWorks() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/_nodes", Response response = getRestClient().performRequest("GET", "/_nodes",
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
} }
}
} }

View File

@ -52,10 +52,9 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
} }
public void testAuthenticateApi() throws Exception { public void testAuthenticateApi() throws Exception {
try (Response response = getRestClient().performRequest( Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
"GET", "/_xpack/security/_authenticate",
new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) { new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))));
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON), ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),
EntityUtils.toString(response.getEntity())); EntityUtils.toString(response.getEntity()));
@ -65,10 +64,10 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
assertThat(roles.size(), is(1)); assertThat(roles.size(), is(1));
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE)); assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
} }
}
public void testAuthenticateApiWithoutAuthentication() throws Exception { public void testAuthenticateApiWithoutAuthentication() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate")) { try {
Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate");
if (anonymousEnabled) { if (anonymousEnabled) {
assertThat(response.getStatusLine().getStatusCode(), is(200)); assertThat(response.getStatusLine().getStatusCode(), is(200));
ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON), ObjectPath objectPath = ObjectPath.createFromXContent(XContentFactory.xContent(XContentType.JSON),

View File

@ -6,14 +6,14 @@
package org.elasticsearch.xpack.security.transport.ssl; package org.elasticsearch.xpack.security.transport.ssl;
import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.ssl.SSLContexts; import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient; import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
@ -31,11 +31,13 @@ import javax.net.ssl.SSLHandshakeException;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.cert.CertPathBuilderException;
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore; import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.instanceOf;
public class SslClientAuthTests extends SecurityIntegTestCase { public class SslClientAuthTests extends SecurityIntegTestCase {
@Override @Override
@ -57,14 +59,14 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
} }
public void testThatHttpFailsWithoutSslClientAuth() throws IOException { public void testThatHttpFailsWithoutSslClientAuth() throws IOException {
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(SSLContexts.createDefault(), NoopHostnameVerifier.INSTANCE);
SSLContexts.createDefault(), try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
NoopHostnameVerifier.INSTANCE);
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) {
restClient.performRequest("GET", "/"); restClient.performRequest("GET", "/");
fail("Expected SSLHandshakeException"); fail("Expected SSLHandshakeException");
} catch (SSLHandshakeException e) { } catch (SSLHandshakeException e) {
assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target")); Throwable t = ExceptionsHelper.unwrap(e, CertPathBuilderException.class);
assertThat(t, instanceOf(CertPathBuilderException.class));
assertThat(t.getMessage(), containsString("unable to find valid certification path to requested target"));
} }
} }
@ -73,19 +75,16 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
.put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient")) .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient"))
.build(); .build();
ClientSSLService sslService = new ClientSSLService(settings, null, new Global(settings), null); ClientSSLService sslService = new ClientSSLService(settings, null, new Global(settings), null);
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslService.sslContext(), NoopHostnameVerifier.INSTANCE);
sslService.sslContext(), try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) {
NoopHostnameVerifier.INSTANCE); Response response = restClient.performRequest("GET", "/",
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(socketFactory), "https")) { new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())));
try (Response response = restClient.performRequest("GET", "/",
new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())))) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200)); assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search")); assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
} }
} }
}
public void testThatTransportWorksWithoutSslClientAuth() throws Exception { public void testThatTransportWorksWithoutSslClientAuth() throws IOException {
// specify an arbitrary keystore, that does not include the certs needed to connect to the transport protocol // specify an arbitrary keystore, that does not include the certs needed to connect to the transport protocol
Path store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks"); Path store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks");

View File

@ -5,6 +5,7 @@
*/ */
package org.elasticsearch.xpack.security.user; package org.elasticsearch.xpack.security.user;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.client.Response; import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException; import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
@ -49,12 +50,12 @@ public class AnonymousUserIntegTests extends SecurityIntegTestCase {
if (authorizationExceptionsEnabled) { if (authorizationExceptionsEnabled) {
assertThat(statusCode, is(403)); assertThat(statusCode, is(403));
assertThat(response.getHeader("WWW-Authenticate"), nullValue()); assertThat(response.getHeader("WWW-Authenticate"), nullValue());
assertThat(e.getResponseBody(), containsString("security_exception")); assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
} else { } else {
assertThat(statusCode, is(401)); assertThat(statusCode, is(401));
assertThat(response.getHeader("WWW-Authenticate"), notNullValue()); assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic")); assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
assertThat(e.getResponseBody(), containsString("security_exception")); assertThat(EntityUtils.toString(response.getEntity()), containsString("security_exception"));
} }
} }
} }

View File

@ -24,7 +24,6 @@ import org.junit.After;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Map; import java.util.Map;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
@ -69,8 +68,7 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
} else { } else {
headers = new Header[0]; headers = new Header[0];
} }
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings", Response response = getRestClient().performRequest("GET", "/_nodes/settings", headers);
Collections.emptyMap(), null, headers)) {
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map(); Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes"); Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
for (Object node : nodes.values()) { for (Object node : nodes.values()) {
@ -81,5 +79,4 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
nullValue()); nullValue());
} }
} }
}
} }