Remove deprecated constructor from failure handler (#35565)
The DefaultAuthenticationFailureHandler has a deprecated constructor that was present to prevent a breaking change to custom realm plugin authors in 6.x. This commit removes the constructor and its uses.
This commit is contained in:
Jay Modi
GitHub
parent
38d6bb27f5
commit
faa9523d19
|
|
@ -14,6 +14,7 @@ import org.elasticsearch.xpack.core.XPackField;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
|
@ -28,16 +29,6 @@ import static org.elasticsearch.xpack.core.security.support.Exceptions.authentic
|
|||
public class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandler {
|
||||
private final Map<String, List<String>> defaultFailureResponseHeaders;
|
||||
|
||||
/**
|
||||
* Constructs default authentication failure handler
|
||||
*
|
||||
* @deprecated replaced by {@link #DefaultAuthenticationFailureHandler(Map)}
|
||||
*/
|
||||
@Deprecated
|
||||
public DefaultAuthenticationFailureHandler() {
|
||||
this(null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs default authentication failure handler with provided default
|
||||
* response headers.
|
||||
|
|
@ -55,7 +46,7 @@ public class DefaultAuthenticationFailureHandler implements AuthenticationFailur
|
|||
.toMap(entry -> entry.getKey(), entry -> {
|
||||
if (entry.getKey().equalsIgnoreCase("WWW-Authenticate")) {
|
||||
List<String> values = new ArrayList<>(entry.getValue());
|
||||
Collections.sort(values, (o1, o2) -> authSchemePriority(o1).compareTo(authSchemePriority(o2)));
|
||||
values.sort(Comparator.comparing(DefaultAuthenticationFailureHandler::authSchemePriority));
|
||||
return Collections.unmodifiableList(values);
|
||||
} else {
|
||||
return Collections.unmodifiableList(entry.getValue());
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ public class DefaultAuthenticationFailureHandlerTests extends ESTestCase {
|
|||
final String bearerAuthScheme = "Bearer realm=\"" + XPackField.SECURITY + "\"";
|
||||
final DefaultAuthenticationFailureHandler failuerHandler;
|
||||
if (testDefault) {
|
||||
failuerHandler = new DefaultAuthenticationFailureHandler();
|
||||
failuerHandler = new DefaultAuthenticationFailureHandler(Collections.emptyMap());
|
||||
} else {
|
||||
final Map<String, List<String>> failureResponeHeaders = new HashMap<>();
|
||||
failureResponeHeaders.put("WWW-Authenticate", Arrays.asList(basicAuthScheme, bearerAuthScheme));
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool);
|
||||
tokenService = new TokenService(settings, Clock.systemUTC(), client, securityIndex, clusterService);
|
||||
service = new AuthenticationService(settings, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings), tokenService);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings), tokenService);
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
@ -461,8 +461,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
try {
|
||||
ThreadContext threadContext1 = threadPool1.getThreadContext();
|
||||
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool1, new AnonymousUser(Settings.EMPTY), tokenService);
|
||||
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool1, new AnonymousUser(Settings.EMPTY),
|
||||
tokenService);
|
||||
|
||||
threadContext1.putTransient(AuthenticationField.AUTHENTICATION_KEY, authRef.get());
|
||||
threadContext1.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get());
|
||||
|
|
@ -485,7 +485,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
final String header;
|
||||
try (ThreadContext.StoredContext ignore = threadContext2.stashContext()) {
|
||||
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool2, new AnonymousUser(Settings.EMPTY), tokenService);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool2, new AnonymousUser(Settings.EMPTY),
|
||||
tokenService);
|
||||
threadContext2.putHeader(AuthenticationField.AUTHENTICATION_KEY, authHeaderRef.get());
|
||||
|
||||
BytesStreamOutput output = new BytesStreamOutput();
|
||||
|
|
@ -498,7 +499,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
|
||||
threadPool2.getThreadContext().putHeader(AuthenticationField.AUTHENTICATION_KEY, header);
|
||||
service = new AuthenticationService(Settings.EMPTY, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool2, new AnonymousUser(Settings.EMPTY), tokenService);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool2, new AnonymousUser(Settings.EMPTY),
|
||||
tokenService);
|
||||
service.authenticate("_action", new InternalMessage(), SystemUser.INSTANCE, ActionListener.wrap(result -> {
|
||||
assertThat(result, notNullValue());
|
||||
assertThat(result.getUser(), equalTo(user1));
|
||||
|
|
@ -533,8 +535,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
}
|
||||
Settings settings = builder.build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(),
|
||||
threadPool, anonymousUser, tokenService);
|
||||
service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
|
||||
threadPool, anonymousUser, tokenService);
|
||||
RestRequest request = new FakeRestRequest();
|
||||
|
||||
Authentication result = authenticateBlocking(request);
|
||||
|
|
@ -551,8 +553,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
.putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3")
|
||||
.build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
service = new AuthenticationService(settings, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser, tokenService);
|
||||
service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
|
||||
threadPool, anonymousUser, tokenService);
|
||||
InternalMessage message = new InternalMessage();
|
||||
|
||||
Authentication result = authenticateBlocking("_action", message, null);
|
||||
|
|
@ -566,8 +568,8 @@ public class AuthenticationServiceTests extends ESTestCase {
|
|||
.putList(AnonymousUser.ROLES_SETTING.getKey(), "r1", "r2", "r3")
|
||||
.build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
service = new AuthenticationService(settings, realms, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser, tokenService);
|
||||
service = new AuthenticationService(settings, realms, auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()),
|
||||
threadPool, anonymousUser, tokenService);
|
||||
|
||||
InternalMessage message = new InternalMessage();
|
||||
|
||||
|
|
|
|||
|
|
@ -226,7 +226,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
|||
return Void.TYPE;
|
||||
}).when(rolesStore).roles(any(Set.class), any(FieldPermissionsCache.class), any(ActionListener.class));
|
||||
authorizationService = new AuthorizationService(settings, rolesStore, clusterService,
|
||||
auditTrail, new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings));
|
||||
auditTrail, new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings));
|
||||
}
|
||||
|
||||
private void authorize(Authentication authentication, String action, TransportRequest request) {
|
||||
|
|
@ -595,7 +595,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
|||
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "a_all").build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
|
||||
|
||||
RoleDescriptor role = new RoleDescriptor("a_all", null,
|
||||
new IndicesPrivileges[] { IndicesPrivileges.builder().indices("a").privileges("all").build() }, null);
|
||||
|
|
@ -620,7 +620,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
|||
.build();
|
||||
final Authentication authentication = createAuthentication(new AnonymousUser(settings));
|
||||
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, new AnonymousUser(settings));
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, new AnonymousUser(settings));
|
||||
|
||||
RoleDescriptor role = new RoleDescriptor("a_all", null,
|
||||
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null);
|
||||
|
|
@ -919,7 +919,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
|||
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
|
||||
roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"},
|
||||
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null));
|
||||
mockEmptyMetaData();
|
||||
|
|
@ -945,7 +945,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
|||
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build();
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
authorizationService = new AuthorizationService(settings, rolesStore, clusterService, auditTrail,
|
||||
new DefaultAuthenticationFailureHandler(), threadPool, anonymousUser);
|
||||
new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, anonymousUser);
|
||||
roleMap.put("anonymous_user_role", new RoleDescriptor("anonymous_user_role", new String[]{"all"},
|
||||
new IndicesPrivileges[]{IndicesPrivileges.builder().indices("a").privileges("all").build()}, null));
|
||||
mockEmptyMetaData();
|
||||
|
|
|
|||
|
|
@ -74,6 +74,7 @@ import org.joda.time.format.DateTimeFormat;
|
|||
import org.junit.Before;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
|
@ -189,7 +190,7 @@ public class IndicesAndAliasesResolverTests extends ESTestCase {
|
|||
ClusterService clusterService = mock(ClusterService.class);
|
||||
when(clusterService.getClusterSettings()).thenReturn(new ClusterSettings(settings, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS));
|
||||
authzService = new AuthorizationService(settings, rolesStore, clusterService,
|
||||
mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class),
|
||||
mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(Collections.emptyMap()), mock(ThreadPool.class),
|
||||
new AnonymousUser(settings));
|
||||
defaultIndicesResolver = new IndicesAndAliasesResolver(settings, clusterService);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,8 +12,14 @@ import org.elasticsearch.transport.TransportMessage;
|
|||
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {
|
||||
|
||||
public CustomAuthenticationFailureHandler() {
|
||||
super(Collections.emptyMap());
|
||||
}
|
||||
|
||||
@Override
|
||||
public ElasticsearchSecurityException failedAuthentication(RestRequest request, AuthenticationToken token,
|
||||
ThreadContext context) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue