7d60f6b365
* security: restore the correct user when switching to the system user For internal actions where we need to switch to the SystemUser, we should always restore the proper context after execution. We were restoring an empty context for actions executed by the SystemUser in the SecurityServerTransportInterceptor. In order to accomplish this, a few changes have been made. Both the SecurityServerTransportInterceptor and the SecurityActionFilter delegate to `SecurityContext#executeAsUser` when a user switch is necessary. Tests were added for this method to ensure that the consumer is executed as the correct user and the proper user is restored. While working on this, a few other cleanups were made: * SecurityContext can never have a null CryptoService, so a null check was removed * We no longer replace the user with the system user when the system user is already associated with the request * The security transport interceptor checks the license state and if auth is not allowed, delegate and return * The security transport interceptor sendWithUser method now requires authentication to be present or a hard exception is thrown. * The TransportFilters integration test has been deleted. This was integration test that relied on the ability to get instances from a node and trace the execution. This has been replaced by additional unit tests in ServerTransportFilterTests Closes elastic/elasticsearch#3845 Original commit: elastic/x-pack-elasticsearch@d8bcb59cb7 |
||
|---|---|---|
| .. | ||
| bin/x-pack | ||
| config/x-pack | ||
| keys | ||
| src | ||
| NOTICE.txt | ||
| build.gradle | ||