honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix user copied in SecurityContext.executeAfterRewritingAuthentication (elastic/x-pack-elasticsearch#1391) 

Also added a unit test for this method

Original commit: elastic/x-pack-elasticsearch@637a865119
This commit is contained in:
Ryan Ernst 2017-05-10 18:00:04 -07:00 committed by GitHub
parent 25505fad95
commit f59b71629a
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
View File

@ -102,7 +102,7 @@ public class SecurityContext {
final StoredContext original = threadContext.newStoredContext(true);
final Authentication authentication = Objects.requireNonNull(getAuthentication());
try (ThreadContext.StoredContext ctx = threadContext.stashContext()) {
setAuthentication(new Authentication(authentication.getUser().authenticatedUser(), authentication.getAuthenticatedBy(),
setAuthentication(new Authentication(authentication.getUser(), authentication.getAuthenticatedBy(),
authentication.getLookedUpBy(), version));
consumer.accept(original);
}

25
plugin/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java
View File

@ -10,6 +10,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.VersionUtils;
import org.elasticsearch.xpack.security.authc.Authentication;
import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
import org.elasticsearch.xpack.security.user.SystemUser;
@ -84,4 +85,28 @@ public class SecurityContextTests extends ESTestCase {
originalContext.restore();
assertEquals(original, securityContext.getUser());
}
public void testExecuteAfterRewritingAuthentication() throws IOException {
User user = new User("test", null, new User("authUser"));
RealmRef authBy = new RealmRef("ldap", "foo", "node1");
final Authentication original = new Authentication(user, authBy, authBy);
original.writeToContext(threadContext);
final AtomicReference<StoredContext> contextAtomicReference = new AtomicReference<>();
securityContext.executeAfterRewritingAuthentication(originalCtx -> {
Authentication authentication = securityContext.getAuthentication();
assertEquals(original.getUser(), authentication.getUser());
assertEquals(original.getAuthenticatedBy(), authentication.getAuthenticatedBy());
assertEquals(original.getLookedUpBy(), authentication.getLookedUpBy());
assertEquals(VersionUtils.getPreviousVersion(), authentication.getVersion());
contextAtomicReference.set(originalCtx);
}, VersionUtils.getPreviousVersion());
final Authentication authAfterExecution = securityContext.getAuthentication();
assertEquals(original, authAfterExecution);
StoredContext originalContext = contextAtomicReference.get();
assertNotNull(originalContext);
originalContext.restore();
assertEquals(original, securityContext.getAuthentication());
}
}