Skip to content

Commit

Permalink
Maybe final changes batch
Browse files Browse the repository at this point in the history
Signed-off-by: Peter Nied <[email protected]>
  • Loading branch information
peternied committed Oct 3, 2023
1 parent 20c9ea7 commit 22991e3
Show file tree
Hide file tree
Showing 11 changed files with 10 additions and 11 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@
import org.opensearch.security.auditlog.config.AuditConfig;
import org.opensearch.security.compliance.ComplianceConfig;
import org.opensearch.security.filter.SecurityRequest;
import org.opensearch.security.filter.SecurityRequestChannel;
import org.opensearch.tasks.Task;
import org.opensearch.transport.TransportRequest;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@
import org.opensearch.security.compliance.ComplianceConfig;
import org.opensearch.security.dlic.rest.support.Utils;
import org.opensearch.security.filter.SecurityRequest;
import org.opensearch.security.filter.SecurityRequestChannel;
import org.opensearch.security.support.Base64Helper;
import org.opensearch.security.support.ConfigConstants;
import org.opensearch.security.user.User;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
import org.opensearch.security.auditlog.config.AuditConfig;
import org.opensearch.security.auditlog.routing.AuditMessageRouter;
import org.opensearch.security.filter.SecurityRequest;
import org.opensearch.security.filter.SecurityRequestChannel;
import org.opensearch.tasks.Task;
import org.opensearch.threadpool.ThreadPool;
import org.opensearch.transport.TransportRequest;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@
import org.opensearch.security.auditlog.config.AuditConfig;
import org.opensearch.security.dlic.rest.support.Utils;
import org.opensearch.security.filter.SecurityRequest;
import org.opensearch.security.filter.SecurityRequestChannel;
import org.opensearch.security.filter.OpenSearchRequest;
import org.opensearch.security.securityconf.impl.CType;
import org.opensearch.security.support.WildcardMatcher;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,8 @@ public void authenticate(final SecurityRequestChannel request, final ThreadConte
if (isTraceEnabled) {
log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
}
notifyIpAuthFailureListeners(request, authCredentials);
return;
} else {
// no reRequest possible
if (isTraceEnabled) {
Expand All @@ -299,7 +301,7 @@ public void authenticate(final SecurityRequestChannel request, final ThreadConte
if (!ac.isComplete()) {
// credentials found in request but we need another client challenge
if (httpAuthenticator.reRequestAuthentication(request, ac)) {
// auditLog.logFailedLogin(ac.getUsername()+" <incomplete>", request); --noauditlog
notifyIpAuthFailureListeners(request, ac);
return;
} else {
// no reRequest possible
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -546,6 +546,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie
// check if .opendistro_security index has been initialized
if (!ensureIndexExists()) {
internalSeverError(channel, RequestContentValidator.ValidationError.SECURITY_NOT_INITIALIZED.message());
return;
}

// check if request is authorized
Expand All @@ -560,6 +561,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie
// for rest request
request.params().clear();
forbidden(channel, "No permission to access REST API: " + authError);
return;
} else {
securityApiDependencies.auditLog().logGrantedPrivileges(userName, securityRequest);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ public boolean completeWithResponse(int statusCode, Map<String, String> headers,
// TODO Auto-generated method stub
throw new UnsupportedOperationException("Unimplemented method 'completeWithResponse'");
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -71,4 +71,4 @@ public Map<String, String> params() {
public RestRequest breakEncapsulationForRequest() {
return underlyingRequest;
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.common.collect.Tuple;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.rest.BytesRestResponse;
import org.opensearch.rest.RestChannel;
Expand Down Expand Up @@ -56,4 +55,4 @@ public void markCompleted() {
public RestChannel breakEncapsulationForChannel() {
return underlyingChannel;
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.core.common.Strings;
import org.opensearch.security.filter.SecurityRequest;
import org.opensearch.security.filter.SecurityRequestChannel;
import org.opensearch.security.http.HTTPProxyAuthenticator;
import org.opensearch.security.user.AuthCredentials;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,9 @@ public List<Route> routes() {

@Override
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
String[] configTypes = request.paramAsStringArrayOrEmptyIfAll("config_types");

return channel -> {
String[] configTypes = request.paramAsStringArrayOrEmptyIfAll("config_types");

final SecurityRequestChannel securityRequest = SecurityRequestFactory.from(request, channel);
SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);
Expand Down

0 comments on commit 22991e3

Please sign in to comment.