honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove deprecated constructor from failure handler (#35565) 

The DefaultAuthenticationFailureHandler has a deprecated constructor
that was present to prevent a breaking change to custom realm plugin
authors in 6.x. This commit removes the constructor and its uses.
This commit is contained in:
Jay Modi 2018-11-14 17:04:33 -07:00 committed by GitHub
parent 38d6bb27f5
commit faa9523d19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 29 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/DefaultAuthenticationFailureHandler.java
View File

@ -14,6 +14,7 @@ import org.elasticsearch.xpack.core.XPackField;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.Comparator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -28,16 +29,6 @@ import static org.elasticsearch.xpack.core.security.support.Exceptions.authentic
public class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandler { public class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandler {
private final Map<String, List<String>> defaultFailureResponseHeaders; private final Map<String, List<String>> defaultFailureResponseHeaders;
/**
* Constructs default authentication failure handler
*
* @deprecated replaced by {@link #DefaultAuthenticationFailureHandler(Map)}
*/
@Deprecated
public DefaultAuthenticationFailureHandler() {
this(null);
}
/** /**
* Constructs default authentication failure handler with provided default * Constructs default authentication failure handler with provided default
* response headers. * response headers.
@ -55,7 +46,7 @@ public class DefaultAuthenticationFailureHandler implements AuthenticationFailur
.toMap(entry -> entry.getKey(), entry -> { .toMap(entry -> entry.getKey(), entry -> {
if (entry.getKey().equalsIgnoreCase("WWW-Authenticate")) { if (entry.getKey().equalsIgnoreCase("WWW-Authenticate")) {
List<String> values = new ArrayList<>(entry.getValue()); List<String> values = new ArrayList<>(entry.getValue());
Collections.sort(values, (o1, o2) -> authSchemePriority(o1).compareTo(authSchemePriority(o2))); values.sort(Comparator.comparing(DefaultAuthenticationFailureHandler::authSchemePriority));
return Collections.unmodifiableList(values); return Collections.unmodifiableList(values);
} else { } else {
return Collections.unmodifiableList(entry.getValue()); return Collections.unmodifiableList(entry.getValue());

2
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/DefaultAuthenticationFailureHandlerTests.java
View File

@ -35,7 +35,7 @@ public class DefaultAuthenticationFailureHandlerTests extends ESTestCase {
final String bearerAuthScheme = "Bearer realm=\"" + XPackField.SECURITY + "\""; final String bearerAuthScheme = "Bearer realm=\"" + XPackField.SECURITY + "\"";
final DefaultAuthenticationFailureHandler failuerHandler; final DefaultAuthenticationFailureHandler failuerHandler;
if (testDefault) { if (testDefault) {
failuerHandler = new DefaultAuthenticationFailureHandler(); failuerHandler = new DefaultAuthenticationFailureHandler(Collections.emptyMap());
} else { } else {
final Map<String, List<String>> failureResponeHeaders = new HashMap<>(); final Map<String, List<String>> failureResponeHeaders = new HashMap<>();
failureResponeHeaders.put("WWW-Authenticate", Arrays.asList(basicAuthScheme, bearerAuthScheme)); failureResponeHeaders.put("WWW-Authenticate", Arrays.asList(basicAuthScheme, bearerAuthScheme));

24
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java
View File

@ -196,7 +196,7 @@ public class AuthenticationServiceTests extends ESTestCase {
ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool); ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool);
tokenService = new TokenService(settings, Clock.systemUTC(), client, securityIndex, clusterService); tokenService = new TokenService(settings, Clock.systemUTC(), client, securityIndex, clusterService);
service = new AuthenticationService(settings, realms, auditTrail, service = new AuthenticationService(settings, realms, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings), tokenService); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings), tokenService);
} }
@After @After
@ -461,8 +461,8 @@ public class AuthenticationServiceTests extends ESTestCase {
try { try {
ThreadContext threadContext1 = threadPool1.getThreadContext(); ThreadContext threadContext1 = threadPool1.getThreadContext();
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail, service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool1, new AnonymousUser(Settings.EMPTY), tokenService); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool1, new AnonymousUser(Settings.EMPTY),
tokenService);
threadContext1.putTransient(AuthenticationField.AUTHENTICATION_KEY, authRef.get()); threadContext1.putTransient(AuthenticationField.AUTHENTICATION_KEY, authRef.get());
threadContext1.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get()); threadContext1.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get());
@ -485,7 +485,8 @@ public class AuthenticationServiceTests extends ESTestCase {
final String header; final String header;
try (ThreadContext.StoredContext ignore = threadContext2.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext2.stashContext()) {
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail, service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool2, new AnonymousUser(Settings.EMPTY), tokenService); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool2, new AnonymousUser(Settings.EMPTY),
tokenService);
threadContext2.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get()); threadContext2.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get());
BytesStreamOutput output = new BytesStreamOutput(); BytesStreamOutput output = new BytesStreamOutput();
@ -498,7 +499,8 @@ public class AuthenticationServiceTests extends ESTestCase {
threadPool2.getThreadContext().putHeader(AuthenticationField.AUTHENTICATION_KEY, header); threadPool2.getThreadContext().putHeader(AuthenticationField.AUTHENTICATION_KEY, header);
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail, service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool2, new AnonymousUser(Settings.EMPTY), tokenService); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool2, new AnonymousUser(Settings.EMPTY),
tokenService);
service.authenticate("_action", new InternalMessage(), SystemUser.INSTANCE, ActionListener.wrap(result -> { service.authenticate("_action", new InternalMessage(), SystemUser.INSTANCE, ActionListener.wrap(result -> {
assertThat(result, notNullValue()); assertThat(result, notNullValue());
assertThat(result.getUser(), equalTo(user1)); assertThat(result.getUser(), equalTo(user1));
@ -533,8 +535,8 @@ public class AuthenticationServiceTests extends ESTestCase {
} }
Settings settings = builder.build(); Settings settings = builder.build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(), service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
threadPool, anonymousUser, tokenService); threadPool, anonymousUser, tokenService);
RestRequest request = new FakeRestRequest(); RestRequest request = new FakeRestRequest();
Authentication result = authenticateBlocking(request); Authentication result = authenticateBlocking(request);
@ -551,8 +553,8 @@ public class AuthenticationServiceTests extends ESTestCase {
.putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3") .putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3")
.build(); .build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
service = new AuthenticationService(settings, realms, auditTrail, service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser, tokenService); threadPool, anonymousUser, tokenService);
InternalMessage message = new InternalMessage(); InternalMessage message = new InternalMessage();
Authentication result = authenticateBlocking("_action", message, null); Authentication result = authenticateBlocking("_action", message, null);
@ -566,8 +568,8 @@ public class AuthenticationServiceTests extends ESTestCase {
.putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3") .putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3")
.build(); .build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
service = new AuthenticationService(settings, realms, auditTrail, service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser, tokenService); threadPool, anonymousUser, tokenService);
InternalMessage message = new InternalMessage(); InternalMessage message = new InternalMessage();

10
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java
View File

@ -226,7 +226,7 @@ public class AuthorizationServiceTests extends ESTestCase {
return Void.TYPE; return Void.TYPE;
}).when(rolesStore).roles(any(Set.class), any(FieldPermissionsCache.class), any(ActionListener.class)); }).when(rolesStore).roles(any(Set.class), any(FieldPermissionsCache.class), any(ActionListener.class));
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, authorizationService = new AuthorizationService(settings, rolesStore, clusterService,
auditTrail, new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings)); auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings));
} }
private void authorize(Authentication authentication, String action, TransportRequest request) { private void authorize(Authentication authentication, String action, TransportRequest request) {
@ -595,7 +595,7 @@ public class AuthorizationServiceTests extends ESTestCase {
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "a_all").build(); Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "a_all").build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail, authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
RoleDescriptor role = new RoleDescriptor("a_all", null, RoleDescriptor role = new RoleDescriptor("a_all", null,
new IndicesPrivileges[] { IndicesPrivileges.builder().indices("a").privileges("all").build() }, null); new IndicesPrivileges[] { IndicesPrivileges.builder().indices("a").privileges("all").build() }, null);
@ -620,7 +620,7 @@ public class AuthorizationServiceTests extends ESTestCase {
.build(); .build();
final Authentication authentication = createAuthentication(new AnonymousUser(settings)); final Authentication authentication = createAuthentication(new AnonymousUser(settings));
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail, authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings)); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings));
RoleDescriptor role = new RoleDescriptor("a_all", null, RoleDescriptor role = new RoleDescriptor("a_all", null,
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null); new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null);
@ -919,7 +919,7 @@ public class AuthorizationServiceTests extends ESTestCase {
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build(); Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail, authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"}, roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"},
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null)); new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null));
mockEmptyMetaData(); mockEmptyMetaData();
@ -945,7 +945,7 @@ public class AuthorizationServiceTests extends ESTestCase {
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build(); Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build();
final AnonymousUser anonymousUser = new AnonymousUser(settings); final AnonymousUser anonymousUser = new AnonymousUser(settings);
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail, authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser); new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"}, roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"},
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null)); new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null));
mockEmptyMetaData(); mockEmptyMetaData();

3
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolverTests.java
View File

@ -74,6 +74,7 @@ import org.joda.time.format.DateTimeFormat;
import org.junit.Before; import org.junit.Before;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
@ -189,7 +190,7 @@ public class IndicesAndAliasesResolverTests extends ESTestCase {
ClusterService clusterService = mock(ClusterService.class); ClusterService clusterService = mock(ClusterService.class);
when(clusterService.getClusterSettings()).thenReturn(new ClusterSettings(settings, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS)); when(clusterService.getClusterSettings()).thenReturn(new ClusterSettings(settings, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS));
authzService = new AuthorizationService(settings, rolesStore, clusterService, authzService = new AuthorizationService(settings, rolesStore, clusterService,
mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(Collections.emptyMap()), mock(ThreadPool.class),
new AnonymousUser(settings)); new AnonymousUser(settings));
defaultIndicesResolver = new IndicesAndAliasesResolver(settings, clusterService); defaultIndicesResolver = new IndicesAndAliasesResolver(settings, clusterService);
} }

6
x-pack/qa/security-example-spi-extension/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
View File

@ -12,8 +12,14 @@ import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken; import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler;
import java.util.Collections;
public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler { public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {
public CustomAuthenticationFailureHandler() {
super(Collections.emptyMap());
}
@Override @Override
public ElasticsearchSecurityException failedAuthentication(RestRequest request, AuthenticationToken token, public ElasticsearchSecurityException failedAuthentication(RestRequest request, AuthenticationToken token,
ThreadContext context) { ThreadContext context) {