From 0c5a97d7ede4cabca6fd38d289e6fa3a5980387b Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Wed, 4 Oct 2023 21:04:00 +0000 Subject: [PATCH] Fix spotless Signed-off-by: Peter Nied --- .../jwt/AbstractHTTPJwtAuthenticator.java | 9 +++---- .../auth/http/jwt/HTTPJwtAuthenticator.java | 9 +++---- .../kerberos/HTTPSpnegoAuthenticator.java | 1 - .../auth/http/saml/HTTPSamlAuthenticator.java | 9 +++---- .../security/auth/BackendRegistry.java | 24 ++++++++++--------- .../security/auth/HTTPAuthenticator.java | 1 - .../dlic/rest/api/AbstractApiAction.java | 11 ++++----- .../dlic/rest/api/NodesDnApiAction.java | 2 +- .../security/dlic/rest/api/Responses.java | 2 +- .../rest/validation/EndpointValidator.java | 10 ++++---- .../filter/OpenSearchRequestChannel.java | 3 +-- .../security/filter/SecurityFilter.java | 4 ++-- .../security/filter/SecurityRestFilter.java | 8 +++---- .../security/http/HTTPBasicAuthenticator.java | 9 +++---- .../http/HTTPClientCertAuthenticator.java | 1 - .../security/http/HTTPProxyAuthenticator.java | 1 - .../http/OnBehalfOfAuthenticator.java | 1 - .../rest/SecurityConfigUpdateAction.java | 4 ++-- .../security/rest/SecurityWhoAmIAction.java | 2 +- .../security/rest/TenantInfoAction.java | 2 +- .../impl/AllowlistingSettings.java | 2 +- .../impl/WhitelistingSettings.java | 2 +- .../cache/DummyHTTPAuthenticator.java | 1 - 23 files changed, 50 insertions(+), 68 deletions(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java index 2ba1d4a2a2..f2a9de655e 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java @@ -41,7 +41,6 @@ import org.opensearch.core.rest.RestStatus; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.user.AuthCredentials; @@ -241,11 +240,9 @@ public String[] extractRoles(JwtClaims claims) { @Override public Optional reRequestAuthentication(final SecurityRequest request, AuthCredentials authCredentials) { - return Optional.of(new SecurityResponse( - HttpStatus.SC_UNAUTHORIZED, - Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), - "" - )); + return Optional.of( + new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "") + ); } public String getRequiredAudience() { diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java index 6fdf9ee075..bd04217db7 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java @@ -35,7 +35,6 @@ import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.user.AuthCredentials; import org.opensearch.security.util.KeyUtils; @@ -175,11 +174,9 @@ private AuthCredentials extractCredentials0(final SecurityRequest request) { @Override public Optional reRequestAuthentication(final SecurityRequest channel, AuthCredentials creds) { - return Optional.of(new SecurityResponse( - HttpStatus.SC_UNAUTHORIZED, - Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), - "" - )); + return Optional.of( + new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "") + ); } @Override diff --git a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java index e526defb70..e08860f7e2 100644 --- a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java @@ -56,7 +56,6 @@ import org.opensearch.env.Environment; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.user.AuthCredentials; diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java index 0a7ae54d92..ea4724c497 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java @@ -63,7 +63,6 @@ import org.opensearch.security.auth.Destroyable; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityRequetChannelUnsupported; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.filter.OpenSearchRequestChannel; @@ -200,11 +199,9 @@ public Optional reRequestAuthentication(final SecurityRequest } final Saml2Settings saml2Settings = this.saml2SettingsProvider.getCached(); - return Optional.of(new SecurityResponse( - HttpStatus.SC_UNAUTHORIZED, - Map.of("WWW-Authenticate", getWwwAuthenticateHeader(saml2Settings)), - "" - )); + return Optional.of( + new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", getWwwAuthenticateHeader(saml2Settings)), "") + ); } catch (Exception e) { log.error("Error in reRequestAuthentication()", e); return Optional.empty(); diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java index 4dd22da6a8..039f6e90ca 100644 --- a/src/main/java/org/opensearch/security/auth/BackendRegistry.java +++ b/src/main/java/org/opensearch/security/auth/BackendRegistry.java @@ -53,9 +53,7 @@ import org.opensearch.OpenSearchSecurityException; import org.opensearch.common.settings.Settings; import org.opensearch.core.common.transport.TransportAddress; -import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.core.rest.RestStatus; -import org.opensearch.rest.BytesRestResponse; import org.opensearch.security.auditlog.AuditLog; import org.opensearch.security.auth.blocking.ClientBlockRegistry; import org.opensearch.security.auth.internal.NoOpAuthenticationBackend; @@ -221,7 +219,9 @@ public boolean authenticate(final SecurityRequestChannel request) { if (!isInitialized()) { log.error("Not yet initialized (you may need to run securityadmin)"); - request.completeWithResponse(new SecurityResponse(HttpStatus.SC_SERVICE_UNAVAILABLE, null, "OpenSearch Security not initialized.")); + request.completeWithResponse( + new SecurityResponse(HttpStatus.SC_SERVICE_UNAVAILABLE, null, "OpenSearch Security not initialized.") + ); return false; } @@ -350,11 +350,13 @@ public boolean authenticate(final SecurityRequestChannel request) { if (adminDns.isAdmin(authenticatedUser)) { log.error("Cannot authenticate rest user because admin user is not permitted to login via HTTP"); auditLog.logFailedLogin(authenticatedUser.getName(), true, null, request); - request.completeWithResponse(new SecurityResponse( - HttpStatus.SC_FORBIDDEN, - null, - "Cannot authenticate user because admin user is not permitted to login via HTTP" - )); + request.completeWithResponse( + new SecurityResponse( + HttpStatus.SC_FORBIDDEN, + null, + "Cannot authenticate user because admin user is not permitted to login via HTTP" + ) + ); return false; } @@ -397,7 +399,7 @@ public boolean authenticate(final SecurityRequestChannel request) { } return true; } - + Optional challengeResponse = Optional.empty(); if (firstChallengingHttpAuthenticator != null) { @@ -592,7 +594,7 @@ private User impersonate(final SecurityRequestChannel request, final User origin } if (adminDns.isAdminDN(impersonatedUserHeader)) { - + throw new OpenSearchSecurityException( "It is not allowed to impersonate as an adminuser '" + impersonatedUserHeader + "'", RestStatus.FORBIDDEN @@ -600,7 +602,7 @@ private User impersonate(final SecurityRequestChannel request, final User origin } if (!adminDns.isRestImpersonationAllowed(originalUser.getName(), impersonatedUserHeader)) { - + throw new OpenSearchSecurityException( "'" + originalUser.getName() + "' is not allowed to impersonate as '" + impersonatedUserHeader + "'", RestStatus.FORBIDDEN diff --git a/src/main/java/org/opensearch/security/auth/HTTPAuthenticator.java b/src/main/java/org/opensearch/security/auth/HTTPAuthenticator.java index 014b10195b..f5a4df34b5 100644 --- a/src/main/java/org/opensearch/security/auth/HTTPAuthenticator.java +++ b/src/main/java/org/opensearch/security/auth/HTTPAuthenticator.java @@ -32,7 +32,6 @@ import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.rest.RestRequest; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.user.AuthCredentials; diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java index 111eb609dc..aa2af3f042 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java @@ -49,7 +49,6 @@ import org.opensearch.security.dlic.rest.validation.EndpointValidator; import org.opensearch.security.dlic.rest.validation.RequestContentValidator; import org.opensearch.security.dlic.rest.validation.ValidationResult; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityRequestFactory; import org.opensearch.security.securityconf.DynamicConfigFactory; import org.opensearch.security.securityconf.impl.CType; @@ -373,7 +372,7 @@ protected final ValidationResult> loadConfigurat ) { final var configuration = load(cType, logComplianceEvent); if (configuration.getSeqNo() < 0) { - + return ValidationResult.error( RestStatus.FORBIDDEN, forbiddenMessage( @@ -414,19 +413,19 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() { @Override public ValidationResult onConfigDelete(SecurityConfiguration securityConfiguration) throws IOException { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied")); } @Override public ValidationResult onConfigLoad(SecurityConfiguration securityConfiguration) throws IOException { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied")); } @Override public ValidationResult onConfigChange(SecurityConfiguration securityConfiguration) throws IOException { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied")); } @@ -564,7 +563,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie securityApiDependencies.auditLog().logGrantedPrivileges(userName, SecurityRequestFactory.from(request)); } - final var originalUserAndRemoteAddress = Utils.userAndRemoteAddressFrom(threadPool.getThreadContext()); + final var originalUserAndRemoteAddress = Utils.userAndRemoteAddressFrom(threadPool.getThreadContext()); final Object originalOrigin = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN); return channel -> threadPool.generic().submit(() -> { diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java index b691d96fb3..30885b69f0 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java @@ -139,7 +139,7 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() { public ValidationResult isAllowedToChangeImmutableEntity(SecurityConfiguration securityConfiguration) throws IOException { if (STATIC_OPENSEARCH_YML_NODES_DN.equals(securityConfiguration.entityName())) { - + return ValidationResult.error( RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + STATIC_OPENSEARCH_YML_NODES_DN + "' is read-only.") diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/Responses.java b/src/main/java/org/opensearch/security/dlic/rest/api/Responses.java index 0a0edee6e4..60310c7fa4 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/Responses.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/Responses.java @@ -73,7 +73,7 @@ public static void response(RestChannel channel, RestStatus status, String messa public static void response(final RestChannel channel, final RestStatus status, final ToXContent toXContent) { try (final var builder = channel.newBuilder()) { toXContent.toXContent(builder, ToXContent.EMPTY_PARAMS); - + channel.sendResponse(new BytesRestResponse(status, builder)); } catch (final IOException ioe) { throw ExceptionsHelper.convertToOpenSearchException(ioe); diff --git a/src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java b/src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java index c03342630e..fa5c7052fe 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java +++ b/src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java @@ -55,7 +55,7 @@ default boolean isCurrentUserAdmin() { default ValidationResult withRequiredEntityName(final String entityName) { if (entityName == null) { - + return ValidationResult.error(RestStatus.BAD_REQUEST, badRequestMessage("No " + resourceName() + " specified.")); } return ValidationResult.success(entityName); @@ -105,7 +105,7 @@ default ValidationResult entityStatic(final SecurityConfi final var configuration = securityConfiguration.configuration(); final var entityName = securityConfiguration.entityName(); if (configuration.isStatic(entityName)) { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is static.")); } return ValidationResult.success(securityConfiguration); @@ -124,7 +124,7 @@ default ValidationResult entityHidden(final SecurityConfi final var configuration = securityConfiguration.configuration(); final var entityName = securityConfiguration.entityName(); if (configuration.isHidden(entityName)) { - + return ValidationResult.error(RestStatus.NOT_FOUND, notFoundMessage("Resource '" + entityName + "' is not available.")); } return ValidationResult.success(securityConfiguration); @@ -152,7 +152,7 @@ default ValidationResult isAllowedToChangeEntityWithRestA final var configuration = securityConfiguration.configuration(); final var existingEntity = configuration.getCEntry(securityConfiguration.entityName()); if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(existingEntity)) { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied")); } } else { @@ -162,7 +162,7 @@ default ValidationResult isAllowedToChangeEntityWithRestA configuration.getImplementingClass() ); if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(configEntityContent)) { - + return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied")); } } diff --git a/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java b/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java index 5230167acb..f8be79e093 100644 --- a/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java +++ b/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java @@ -1,6 +1,5 @@ package org.opensearch.security.filter; -import java.util.Map; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.logging.log4j.LogManager; @@ -29,7 +28,7 @@ public boolean hasCompleted() { @Override public boolean completeWithResponse(final SecurityResponse response) { - + if (underlyingChannel == null) { throw new UnsupportedOperationException("Channel was not defined"); } diff --git a/src/main/java/org/opensearch/security/filter/SecurityFilter.java b/src/main/java/org/opensearch/security/filter/SecurityFilter.java index 523acad108..d4aaa4b7ff 100644 --- a/src/main/java/org/opensearch/security/filter/SecurityFilter.java +++ b/src/main/java/org/opensearch/security/filter/SecurityFilter.java @@ -464,7 +464,7 @@ public void onFailure(Exception e) { : String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user); } log.debug(err); - + listener.onFailure(new OpenSearchSecurityException(err, RestStatus.FORBIDDEN)); } } catch (OpenSearchException e) { @@ -515,7 +515,7 @@ private boolean checkImmutableIndices(Object request, ActionListener listener) { || request instanceof IndicesAliasesRequest; if (isModifyIndexRequest && isRequestIndexImmutable(request)) { - + listener.onFailure(new OpenSearchSecurityException("Index is immutable", RestStatus.FORBIDDEN)); return true; } diff --git a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java index 29b91b655d..4f005f3e09 100644 --- a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java +++ b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java @@ -206,7 +206,7 @@ private void authorizeRequest(RestHandler original, SecurityRequestChannel reque err = String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user); } log.debug(err); - + request.completeWithResponse(new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, null, err)); return; } @@ -220,7 +220,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t final OpenSearchException exception = ExceptionUtils.createBadHeaderException(); log.error(exception.toString()); auditLog.logBadHeaders(requestChannel); - + requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString())); return; } @@ -229,7 +229,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t final OpenSearchException exception = ExceptionUtils.createBadHeaderException(); log.error(exception.toString()); auditLog.logBadHeaders(requestChannel); - + requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString())); return; } @@ -250,7 +250,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t } catch (SSLPeerUnverifiedException e) { log.error("No ssl info", e); auditLog.logSSLException(requestChannel, e); - + requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, null)); return; } diff --git a/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java b/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java index 2c5aec3fa6..81fefa7a8e 100644 --- a/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java @@ -38,7 +38,6 @@ import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.support.HTTPHelper; import org.opensearch.security.user.AuthCredentials; @@ -68,11 +67,9 @@ public AuthCredentials extractCredentials(final SecurityRequest request, final T @Override public Optional reRequestAuthentication(final SecurityRequest request, AuthCredentials creds) { - return Optional.of(new SecurityResponse( - HttpStatus.SC_UNAUTHORIZED, - Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), - "" - )); + return Optional.of( + new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "") + ); } @Override diff --git a/src/main/java/org/opensearch/security/http/HTTPClientCertAuthenticator.java b/src/main/java/org/opensearch/security/http/HTTPClientCertAuthenticator.java index 4578502f0a..433ec01458 100644 --- a/src/main/java/org/opensearch/security/http/HTTPClientCertAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/HTTPClientCertAuthenticator.java @@ -44,7 +44,6 @@ import org.opensearch.core.common.Strings; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.user.AuthCredentials; diff --git a/src/main/java/org/opensearch/security/http/HTTPProxyAuthenticator.java b/src/main/java/org/opensearch/security/http/HTTPProxyAuthenticator.java index fcf9104832..de57e2f9e6 100644 --- a/src/main/java/org/opensearch/security/http/HTTPProxyAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/HTTPProxyAuthenticator.java @@ -40,7 +40,6 @@ import org.opensearch.core.common.Strings; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.user.AuthCredentials; diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java index 7278ee3976..8499b88f62 100644 --- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java @@ -37,7 +37,6 @@ import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.authtoken.jwt.EncryptionDecryptionUtil; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.ssl.util.ExceptionUtils; import org.opensearch.security.user.AuthCredentials; diff --git a/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java b/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java index 0739497724..df8b721d59 100644 --- a/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java +++ b/src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java @@ -81,7 +81,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor); if (sslInfo == null) { - + channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, "")); return; } @@ -90,7 +90,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli // only allowed for admins if (user == null || !adminDns.isAdmin(user)) { - + channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, "")); return; } else { diff --git a/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java b/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java index 885ae2bbc6..acf0249ed8 100644 --- a/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java +++ b/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java @@ -103,7 +103,7 @@ public void accept(RestChannel channel) throws Exception { SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor); if (sslInfo == null) { - + response = new BytesRestResponse(RestStatus.FORBIDDEN, "No security data"); } else { diff --git a/src/main/java/org/opensearch/security/rest/TenantInfoAction.java b/src/main/java/org/opensearch/security/rest/TenantInfoAction.java index d6ba8aa0f2..59831f9852 100644 --- a/src/main/java/org/opensearch/security/rest/TenantInfoAction.java +++ b/src/main/java/org/opensearch/security/rest/TenantInfoAction.java @@ -114,7 +114,7 @@ public void accept(RestChannel channel) throws Exception { // only allowed for admins or the kibanaserveruser if (!isAuthorized()) { - + response = new BytesRestResponse(RestStatus.FORBIDDEN, ""); } else { diff --git a/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java b/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java index c4ac02d218..370d13f51b 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java @@ -110,7 +110,7 @@ private boolean requestIsAllowlisted(RestRequest request) { public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException { // if allowlisting is enabled but the request is not allowlisted, then return false, otherwise true. if (this.enabled && !requestIsAllowlisted(request)) { - + channel.sendResponse( new BytesRestResponse( RestStatus.FORBIDDEN, diff --git a/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java b/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java index c9bb99fdea..182b2c87f6 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java @@ -111,7 +111,7 @@ private boolean requestIsWhitelisted(RestRequest request) { public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException { // if whitelisting is enabled but the request is not whitelisted, then return false, otherwise true. if (this.enabled && !requestIsWhitelisted(request)) { - + channel.sendResponse( new BytesRestResponse( RestStatus.FORBIDDEN, diff --git a/src/test/java/org/opensearch/security/cache/DummyHTTPAuthenticator.java b/src/test/java/org/opensearch/security/cache/DummyHTTPAuthenticator.java index 6cc2023eb1..2cfd23fc23 100644 --- a/src/test/java/org/opensearch/security/cache/DummyHTTPAuthenticator.java +++ b/src/test/java/org/opensearch/security/cache/DummyHTTPAuthenticator.java @@ -19,7 +19,6 @@ import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.filter.SecurityResponse; import org.opensearch.security.user.AuthCredentials;