From 20c9ea77794faefd22e22274de3fdbf4ed63f248 Mon Sep 17 00:00:00 2001
From: Peter Nied
Date: Tue, 3 Oct 2023 16:47:52 +0000
Subject: [PATCH] Rename concrete classes
Signed-off-by: Peter Nied
---
.../auth/http/saml/HTTPSamlAuthenticator.java | 6 +-
.../security/auditlog/AuditLog.java | 13 +-
.../security/auditlog/NullAuditLog.java | 14 +-
.../auditlog/impl/AbstractAuditLog.java | 15 +-
.../security/auditlog/impl/AuditLogImpl.java | 13 +-
.../security/auditlog/impl/AuditMessage.java | 9 +-
.../security/filter/NettyRequest.java | 66 ++++++
.../security/filter/OpenSearchRequest.java | 74 +++++++
.../filter/OpenSearchRequestChannel.java | 59 ++++++
.../filter/SecurityRequestFactory.java | 191 +-----------------
.../opensearch/security/http/XFFResolver.java | 6 +-
.../security/rest/SecurityWhoAmIAction.java | 1 -
.../http/saml/HTTPSamlAuthenticatorTest.java | 4 +-
13 files changed, 243 insertions(+), 228 deletions(-)
create mode 100644 src/main/java/org/opensearch/security/filter/NettyRequest.java
create mode 100644 src/main/java/org/opensearch/security/filter/OpenSearchRequest.java
create mode 100644 src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java
diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java
index f987b88dbe..d25cf0711e 100644
--- a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java
+++ b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java
@@ -63,8 +63,8 @@ import org.opensearch.security.auth.HTTPAuthenticator; import org.opensearch.security.filter.SecurityRequest; import org.opensearch.security.filter.SecurityRequestChannel; -import org.opensearch.security.filter.SecurityRequestFactory.SecurityRestRequestChannel; import org.opensearch.security.filter.SecurityRequetChannelUnsupported; +import org.opensearch.security.filter.OpenSearchRequestChannel; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.support.PemKeyReader; import org.opensearch.security.user.AuthCredentials; @@ -183,10 +183,10 @@ public boolean reRequestAuthentication(final SecurityRequestChannel request, fin if (API_AUTHTOKEN_SUFFIX.equals(suffix)) { // Verficiation of SAML ASC endpoint only works with RestRequests - if (!(request instanceof SecurityRestRequestChannel)) { + if (!(request instanceof OpenSearchRequestChannel)) { throw new SecurityRequetChannelUnsupported(); } else { - final SecurityRestRequestChannel securityRequestChannel = (SecurityRestRequestChannel) request; + final OpenSearchRequestChannel securityRequestChannel = (OpenSearchRequestChannel) request; final RestRequest restRequest = securityRequestChannel.breakEncapsulationForRequest(); final RestChannel channel = securityRequestChannel.breakEncapsulationForChannel(); if (this.authTokenProcessorHandler.handle(restRequest, channel)) { diff --git a/src/main/java/org/opensearch/security/auditlog/AuditLog.java b/src/main/java/org/opensearch/security/auditlog/AuditLog.java index d861af14bd..6f9cfa28f7 100644 --- a/src/main/java/org/opensearch/security/auditlog/AuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/AuditLog.java 
@@ -37,6 +37,7 @@ import org.opensearch.core.index.shard.ShardId; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.compliance.ComplianceConfig; +import org.opensearch.security.filter.SecurityRequest; import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.tasks.Task; import org.opensearch.transport.TransportRequest; @@ -44,14 +45,14 @@ public interface AuditLog extends Closeable { // login - void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request); + void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request); - void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request); + void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request); // privs - void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequestChannel request); + void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequest request); - void logGrantedPrivileges(String effectiveUser, SecurityRequestChannel request); + void logGrantedPrivileges(String effectiveUser, SecurityRequest request); void logMissingPrivileges(String privilege, TransportRequest request, Task task); 
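Review bot: The `SecurityRequestChannel` import is kept next to the newly added `SecurityRequest` import, although every signature shown in this file's hunks now takes `SecurityRequest`. Unless a method outside the hunks still refers to it, the import is unused and should be replaced rather than supplemented, as NullAuditLog.java does. The same leftover appears in the import hunks of AbstractAuditLog.java, AuditLogImpl.java and AuditMessage.java. Changing the parameter type on the `AuditLog` interface is also more than the rename the subject line announces, so it deserves a sentence in the commit message.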
@@ -63,13 +64,13 @@ public interface AuditLog extends Closeable { // spoof void logBadHeaders(TransportRequest request, String action, Task task); - void logBadHeaders(SecurityRequestChannel request); + void logBadHeaders(SecurityRequest request); void logSecurityIndexAttempt(TransportRequest request, String action, Task task); void logSSLException(TransportRequest request, Throwable t, String action, Task task); - void logSSLException(SecurityRequestChannel request, Throwable t); + void logSSLException(SecurityRequest request, Throwable t); void logDocumentRead(String index, String id, ShardId shardId, Map fieldNameValues); diff --git a/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java b/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java index 440a2eafd5..1ac4492a94 100644 --- a/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java @@ -37,7 +37,7 @@ import org.opensearch.core.index.shard.ShardId; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.compliance.ComplianceConfig; -import org.opensearch.security.filter.SecurityRequestChannel; +import org.opensearch.security.filter.SecurityRequest; import org.opensearch.tasks.Task; import org.opensearch.transport.TransportRequest; 
@@ -49,12 +49,12 @@ public void close() throws IOException { } @Override - public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request) { + public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request) { // noop, intentionally left empty } @Override - public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request) { + public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request) { // noop, intentionally left empty } @@ -79,7 +79,7 @@ public void logBadHeaders(TransportRequest request, String action, Task task) { } @Override - public void logBadHeaders(SecurityRequestChannel request) { + public void logBadHeaders(SecurityRequest request) { // noop, intentionally left empty } @@ -94,17 +94,17 @@ public void logSSLException(TransportRequest request, Throwable t, String action } @Override - public void logSSLException(SecurityRequestChannel request, Throwable t) { + public void logSSLException(SecurityRequest request, Throwable t) { // noop, intentionally left empty } @Override - public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequestChannel request) { + public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequest request) { // noop, intentionally left empty } @Override - public void logGrantedPrivileges(String effectiveUser, SecurityRequestChannel request) { + public void logGrantedPrivileges(String effectiveUser, SecurityRequest request) { // noop, intentionally left empty } diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java index c13e6d028b..5adc1d50fe 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java 
+++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java @@ -65,6 +65,7 @@ import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.compliance.ComplianceConfig; import org.opensearch.security.dlic.rest.support.Utils; +import org.opensearch.security.filter.SecurityRequest; import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.security.support.Base64Helper; import org.opensearch.security.support.ConfigConstants; @@ -139,7 +140,7 @@ public ComplianceConfig getComplianceConfig() { } @Override - public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request) { + public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request) { if (!checkRestFilter(AuditCategory.FAILED_LOGIN, effectiveUser, request)) { return; @@ -157,7 +158,7 @@ public void logFailedLogin(String effectiveUser, boolean securityadmin, String i } @Override - public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequestChannel request) { + public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, SecurityRequest request) { if (!checkRestFilter(AuditCategory.AUTHENTICATED, effectiveUser, request)) { return; @@ -174,7 +175,7 @@ public void logSucceededLogin(String effectiveUser, boolean securityadmin, Strin } @Override - public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequestChannel request) { + public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequest request) { if (!checkRestFilter(AuditCategory.MISSING_PRIVILEGES, effectiveUser, request)) { return; } 
@@ -189,7 +190,7 @@ public void logMissingPrivileges(String privilege, String effectiveUser, Securit } @Override - public void logGrantedPrivileges(String effectiveUser, SecurityRequestChannel request) { + public void logGrantedPrivileges(String effectiveUser, SecurityRequest request) { if (!checkRestFilter(AuditCategory.GRANTED_PRIVILEGES, effectiveUser, request)) { return; } @@ -348,7 +349,7 @@ public void logBadHeaders(TransportRequest request, String action, Task task) { } @Override - public void logBadHeaders(SecurityRequestChannel request) { + public void logBadHeaders(SecurityRequest request) { if (!checkRestFilter(AuditCategory.BAD_HEADERS, getUser(), request)) { return; @@ -437,7 +438,7 @@ public void logSSLException(TransportRequest request, Throwable t, String action } @Override - public void logSSLException(SecurityRequestChannel request, Throwable t) { + public void logSSLException(SecurityRequest request, Throwable t) { if (!checkRestFilter(AuditCategory.SSL_EXCEPTION, getUser(), request)) { return; @@ -898,7 +899,7 @@ private boolean checkComplianceFilter( } @VisibleForTesting - boolean checkRestFilter(final AuditCategory category, final String effectiveUser, SecurityRequestChannel request) { + boolean checkRestFilter(final AuditCategory category, final String effectiveUser, SecurityRequest request) { final boolean isTraceEnabled = log.isTraceEnabled(); if (isTraceEnabled) { log.trace( diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java index 1677ebb86a..ced86ffa14 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java 
@@ -33,6 +33,7 @@ import org.opensearch.core.index.shard.ShardId; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.auditlog.routing.AuditMessageRouter; +import org.opensearch.security.filter.SecurityRequest; import org.opensearch.security.filter.SecurityRequestChannel; import org.opensearch.tasks.Task; import org.opensearch.threadpool.ThreadPool; @@ -131,28 +132,28 @@ protected void save(final AuditMessage msg) { } @Override - public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequestChannel request) { + public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) { if (enabled) { super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request); } } @Override - public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequestChannel request) { + public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) { if (enabled) { super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request); } } @Override - public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequestChannel request) { + public void logMissingPrivileges(String privilege, String effectiveUser, SecurityRequest request) { if (enabled) { super.logMissingPrivileges(privilege, effectiveUser, request); } } @Override - public void logGrantedPrivileges(String effectiveUser, SecurityRequestChannel request) { + public void logGrantedPrivileges(String effectiveUser, SecurityRequest request) { if (enabled) { super.logGrantedPrivileges(effectiveUser, request); } 
@@ -187,7 +188,7 @@ public void logBadHeaders(TransportRequest request, String action, Task task) { } @Override - public void logBadHeaders(SecurityRequestChannel request) { + public void logBadHeaders(SecurityRequest request) { if (enabled) { super.logBadHeaders(request); } @@ -208,7 +209,7 @@ public void logSSLException(TransportRequest request, Throwable t, String action } @Override - public void logSSLException(SecurityRequestChannel request, Throwable t) { + public void logSSLException(SecurityRequest request, Throwable t) { if (enabled) { super.logSSLException(request, t); } diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java index c142fbc2d7..d62d2088c7 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java @@ -48,8 +48,9 @@ import org.opensearch.security.auditlog.AuditLog.Origin; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.dlic.rest.support.Utils; +import org.opensearch.security.filter.SecurityRequest; import org.opensearch.security.filter.SecurityRequestChannel; -import org.opensearch.security.filter.SecurityRequestFactory.SecurityRestRequestChannel; +import org.opensearch.security.filter.OpenSearchRequest; import org.opensearch.security.securityconf.impl.CType; import org.opensearch.security.support.WildcardMatcher; @@ -371,7 +372,7 @@ void addRestMethod(final RestRequest.Method method) { } } - void addRestRequestInfo(final SecurityRequestChannel request, final AuditConfig.Filter filter) { + void addRestRequestInfo(final SecurityRequest request, final AuditConfig.Filter filter) { if (request != null) { final String path = request.path().toString(); addPath(path); 
@@ -381,12 +382,12 @@ void addRestRequestInfo(final SecurityRequestChannel request, final AuditConfig. if (filter.shouldLogRequestBody()) { - if (!(request instanceof SecurityRestRequestChannel)) { + if (!(request instanceof OpenSearchRequest)) { // The request body is only avaliable on some request sources return; } - final SecurityRestRequestChannel securityRestRequest = (SecurityRestRequestChannel) request; + final OpenSearchRequest securityRestRequest = (OpenSearchRequest) request; final RestRequest restRequest = securityRestRequest.breakEncapsulationForRequest(); if (!(restRequest.hasContentOrSourceParam())) { diff --git a/src/main/java/org/opensearch/security/filter/NettyRequest.java b/src/main/java/org/opensearch/security/filter/NettyRequest.java new file mode 100644 index 0000000000..6e0d1a0181 --- /dev/null +++ b/src/main/java/org/opensearch/security/filter/NettyRequest.java 
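Review bot: In `addRestRequestInfo` the `instanceof OpenSearchRequest` guard returns without leaving any trace, so with `shouldLogRequestBody()` enabled an audit record from a source that cannot supply a body looks the same as one for a request that had no body. The check also moved from the channel subclass to the base class, which appears to extend body logging to requests created with `SecurityRequestFactory.from(RestRequest)`; that is a behaviour change, not a rename. I would state the intent at the early return, for example `// Only REST-backed requests expose a body; other sources are audited without one`, and mention the widened check in the commit message. The method starts and ends outside this hunk.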
@@ -0,0 +1,66 @@ +package org.opensearch.security.filter; + +import java.net.InetSocketAddress; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import javax.net.ssl.SSLEngine; + +import org.opensearch.rest.RestRequest.Method; + +class NettyRequest implements SecurityRequestChannel { + @Override + public Map> getHeaders() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getHeaders'"); + } + + @Override + public SSLEngine getSSLEngine() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSSLEngine'"); + } + + @Override + public String path() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'path'"); + } + + @Override + public Method method() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'method'"); + } + + @Override + public Optional getRemoteAddress() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getRemoteAddress'"); + } + + @Override + public String uri() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'uri'"); + } + + @Override + public Map params() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'params'"); + } + + @Override + public boolean hasCompleted() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'hasCompleted'"); + } + + @Override + public boolean completeWithResponse(int statusCode, Map headers, String body) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'completeWithResponse'"); + } +} \ No newline at end of file 
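Review bot: Every method of `NettyRequest` is still an IDE-generated stub that throws `UnsupportedOperationException`, and nothing in the file says the class is a placeholder. As a top-level class in the filter package it is easier to hand out by accident, and a caller that received one (possibly through `SecurityRequestFactory.from()`, whose body is outside this patch) would fail on the first call, `hasCompleted()` included. I would replace the repeated `// TODO Auto-generated method stub` lines with one class comment such as `/** Placeholder for requests intercepted at the Netty layer; not implemented yet, every method throws. */` and end the file with a newline.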
diff --git a/src/main/java/org/opensearch/security/filter/OpenSearchRequest.java b/src/main/java/org/opensearch/security/filter/OpenSearchRequest.java
new file mode 100644
index 0000000000..66d3f5d269
--- /dev/null
+++ b/src/main/java/org/opensearch/security/filter/OpenSearchRequest.java
@@ -0,0 +1,74 @@ +package org.opensearch.security.filter; + +import java.net.InetSocketAddress; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import javax.net.ssl.SSLEngine; + +import org.opensearch.http.netty4.Netty4HttpChannel; +import org.opensearch.rest.RestRequest; +import org.opensearch.rest.RestRequest.Method; + +import io.netty.handler.ssl.SslHandler; + +public class OpenSearchRequest implements SecurityRequest { + + protected final RestRequest underlyingRequest; + + OpenSearchRequest(final RestRequest request) { + underlyingRequest = request; + } + + @Override + public Map> getHeaders() { + return underlyingRequest.getHeaders(); + } + + @Override + public SSLEngine getSSLEngine() { + if (underlyingRequest == null + || underlyingRequest.getHttpChannel() == null + || !(underlyingRequest.getHttpChannel() instanceof Netty4HttpChannel)) { + return null; + } + + final Netty4HttpChannel httpChannel = (Netty4HttpChannel) underlyingRequest.getHttpChannel(); + SslHandler sslhandler = (SslHandler) httpChannel.getNettyChannel().pipeline().get("ssl_http"); + if (sslhandler == null && httpChannel.inboundPipeline() != null) { + sslhandler = (SslHandler) httpChannel.inboundPipeline().get("ssl_http"); + } + + return sslhandler != null ? sslhandler.engine() : null; + } + + @Override + public String path() { + return underlyingRequest.path(); + } + + @Override + public Method method() { + return underlyingRequest.method(); + } + + @Override + public Optional getRemoteAddress() { + return Optional.ofNullable(this.underlyingRequest.getHttpChannel().getRemoteAddress()); + } + + @Override + public String uri() { + return underlyingRequest.uri(); + } + + @Override + public Map params() { + return underlyingRequest.params(); + } + + public RestRequest breakEncapsulationForRequest() { + return underlyingRequest; + } +} \ No newline at end of file 
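Review bot: `getRemoteAddress()` dereferences `underlyingRequest.getHttpChannel()` without the null check that `getSSLEngine()` applies to the same call a few lines earlier. A request without an HTTP channel therefore raises a NullPointerException instead of returning an empty Optional. The guard can be folded into the Optional chain: `return Optional.ofNullable(underlyingRequest.getHttpChannel()).map(channel -> channel.getRemoteAddress());`. `getSSLEngine()` also tolerates a null `underlyingRequest` while every other accessor does not, so either reject null in the constructor or drop that branch, so the class has one contract.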
diff --git a/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java b/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java
new file mode 100644
index 0000000000..e3b49645a6
--- /dev/null
+++ b/src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java
@@ -0,0 +1,59 @@ +package org.opensearch.security.filter; + +import java.util.Map; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.opensearch.common.collect.Tuple; +import org.opensearch.core.rest.RestStatus; +import org.opensearch.rest.BytesRestResponse; +import org.opensearch.rest.RestChannel; +import org.opensearch.rest.RestRequest; + +public class OpenSearchRequestChannel extends OpenSearchRequest implements SecurityRequestChannel { + + private final Logger log = LogManager.getLogger(OpenSearchRequest.class); + + private AtomicBoolean hasCompleted = new AtomicBoolean(false); + private final RestChannel underlyingChannel; + + OpenSearchRequestChannel(final RestRequest request, final RestChannel channel) { + super(request); + underlyingChannel = channel; + } + + @Override + public boolean hasCompleted() { + return hasCompleted.get(); + } + + @Override + public boolean completeWithResponse(int statusCode, Map headers, String body) { + if (underlyingChannel == null) { + throw new UnsupportedOperationException("Channel was not defined"); + } + + try { + final BytesRestResponse restResponse = new BytesRestResponse(RestStatus.fromCode(statusCode), body); + headers.forEach(restResponse::addHeader); + underlyingChannel.sendResponse(restResponse); + + return true; + } catch (final Exception e) { + log.error("Error when attempting to send response", e); + throw new RuntimeException(e); + } finally { + hasCompleted.set(true); + } + } + + /** Marks a request completed */ + public void markCompleted() { + hasCompleted.set(true); + } + + public RestChannel breakEncapsulationForChannel() { + return underlyingChannel; + } +} \ No newline at end of file diff --git a/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java b/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java index baba40eff3..80405138fd 100644 
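Review bot: The logger in `OpenSearchRequestChannel` is an instance field registered under `OpenSearchRequest.class`, so the "Error when attempting to send response" entry is attributed to the parent class and a logger lookup runs for every wrapped request. `private static final Logger log = LogManager.getLogger(OpenSearchRequestChannel.class);` fixes both. The `org.opensearch.common.collect.Tuple` import is left over from the removed `breakEncapsulation()` and can be dropped, and `hasCompleted` can be declared `final`. Separately, `completeWithResponse` does not consult `hasCompleted` before sending, so whether a second call is rejected depends on the underlying channel; a one-line comment stating the expected single-call contract would help.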
--- a/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java +++ b/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java @@ -1,24 +1,7 @@ package org.opensearch.security.filter; -import java.net.InetSocketAddress; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.concurrent.atomic.AtomicBoolean; - -import javax.net.ssl.SSLEngine; - -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; -import org.opensearch.common.collect.Tuple; -import org.opensearch.core.rest.RestStatus; -import org.opensearch.http.netty4.Netty4HttpChannel; -import org.opensearch.rest.BytesRestResponse; import org.opensearch.rest.RestChannel; import org.opensearch.rest.RestRequest; -import org.opensearch.rest.RestRequest.Method; - -import io.netty.handler.ssl.SslHandler; public class SecurityRequestFactory { 
@@ -27,180 +10,10 @@ public static SecurityRequestChannel from() { } public static SecurityRequest from(final RestRequest request) { - return new SecurityRestRequest(request); + return new OpenSearchRequest(request); } public static SecurityRequestChannel from(final RestRequest request, final RestChannel channel) { - return new SecurityRestRequestChannel(request, channel); - } - - public static class SecurityRestRequest implements SecurityRequest { - - protected final RestRequest underlyingRequest; - - SecurityRestRequest(final RestRequest request) { - underlyingRequest = request; - } - - @Override - public Map> getHeaders() { - return underlyingRequest.getHeaders(); - } - - @Override - public SSLEngine getSSLEngine() { - if (underlyingRequest == null - || underlyingRequest.getHttpChannel() == null - || !(underlyingRequest.getHttpChannel() instanceof Netty4HttpChannel)) { - return null; - } - - final Netty4HttpChannel httpChannel = (Netty4HttpChannel) underlyingRequest.getHttpChannel(); - SslHandler sslhandler = (SslHandler) httpChannel.getNettyChannel().pipeline().get("ssl_http"); - if (sslhandler == null && httpChannel.inboundPipeline() != null) { - sslhandler = (SslHandler) httpChannel.inboundPipeline().get("ssl_http"); - } - - return sslhandler != null ? 
sslhandler.engine() : null; - } - - @Override - public String path() { - return underlyingRequest.path(); - } - - @Override - public Method method() { - return underlyingRequest.method(); - } - - @Override - public Optional getRemoteAddress() { - return Optional.ofNullable(this.underlyingRequest.getHttpChannel().getRemoteAddress()); - } - - @Override - public String uri() { - return underlyingRequest.uri(); - } - - @Override - public Map params() { - return underlyingRequest.params(); - } - - public RestRequest breakEncapsulationForRequest() { - return underlyingRequest; - } - } - - public static class SecurityRestRequestChannel extends SecurityRestRequest implements SecurityRequestChannel { - - private final Logger log = LogManager.getLogger(SecurityRestRequest.class); - - private AtomicBoolean hasCompleted = new AtomicBoolean(false); - private final RestChannel underlyingChannel; - - SecurityRestRequestChannel(final RestRequest request, final RestChannel channel) { - super(request); - underlyingChannel = channel; - } - - @Override - public boolean hasCompleted() { - return hasCompleted.get(); - } - - @Override - public boolean completeWithResponse(int statusCode, Map headers, String body) { - if (underlyingChannel == null) { - throw new UnsupportedOperationException("Channel was not defined"); - } - - try { - final BytesRestResponse restResponse = new BytesRestResponse(RestStatus.fromCode(statusCode), body); - headers.forEach(restResponse::addHeader); - underlyingChannel.sendResponse(restResponse); - - return true; - } catch (final Exception e) { - log.error("Error when attempting to send response", e); - throw new RuntimeException(e); - } finally { - hasCompleted.set(true); - } - } - - /** - * Breaks the encapustion of the interface to get access to the underlying RestRequest / RestChannel. 
- */ - public Tuple breakEncapsulation() { - return Tuple.tuple(underlyingRequest, underlyingChannel); - } - - /** Marks a request completed */ - public void markCompleted() { - hasCompleted.set(true); - } - - public RestChannel breakEncapsulationForChannel() { - return underlyingChannel; - } - } - - protected static class NettyRequest implements SecurityRequestChannel { - @Override - public Map> getHeaders() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'getHeaders'"); - } - - @Override - public SSLEngine getSSLEngine() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'getSSLEngine'"); - } - - @Override - public String path() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'path'"); - } - - @Override - public Method method() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'method'"); - } - - @Override - public Optional getRemoteAddress() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'getRemoteAddress'"); - } - - @Override - public String uri() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'uri'"); - } - - @Override - public Map params() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'params'"); - } - - @Override - public boolean hasCompleted() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'hasCompleted'"); - } - - @Override - public boolean completeWithResponse(int statusCode, Map headers, String body) { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'completeWithResponse'"); - } + return new OpenSearchRequestChannel(request, channel); } } 
diff --git a/src/main/java/org/opensearch/security/http/XFFResolver.java b/src/main/java/org/opensearch/security/http/XFFResolver.java index e0f83a422f..e9ad412831 100644 --- a/src/main/java/org/opensearch/security/http/XFFResolver.java +++ b/src/main/java/org/opensearch/security/http/XFFResolver.java @@ -38,7 +38,7 @@ import org.opensearch.rest.RestRequest; import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.security.filter.SecurityRequest; -import org.opensearch.security.filter.SecurityRequestFactory.SecurityRestRequest; +import org.opensearch.security.filter.OpenSearchRequest; import org.opensearch.security.securityconf.DynamicConfigModel; import org.opensearch.security.support.ConfigConstants; import org.opensearch.threadpool.ThreadPool; @@ -62,8 +62,8 @@ public TransportAddress resolve(final SecurityRequest request) throws OpenSearch } boolean requestFromNetty = false; - if (request instanceof SecurityRestRequest) { - final SecurityRestRequest securityRequestChannel = (SecurityRestRequest) request; + if (request instanceof OpenSearchRequest) { + final OpenSearchRequest securityRequestChannel = (OpenSearchRequest) request; final RestRequest restRequest = securityRequestChannel.breakEncapsulationForRequest(); requestFromNetty = restRequest.getHttpChannel() instanceof Netty4HttpChannel; diff --git a/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java b/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java index bfc2b99a0e..4377215ccd 100644 --- a/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java +++ b/src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java @@ -100,7 +100,6 @@ public void accept(RestChannel channel) throws Exception { try { final SecurityRequestChannel securityRequest = SecurityRequestFactory.from(request, channel); - ; SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor); if (sslInfo == null) { 
diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java b/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java index 98e8172f0e..dd030da5ed 100644 --- a/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java @@ -54,7 +54,7 @@ import org.opensearch.core.rest.RestStatus; import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.filter.SecurityRequestFactory; -import org.opensearch.security.filter.SecurityRequestFactory.SecurityRestRequestChannel; +import org.opensearch.security.filter.OpenSearchRequestChannel; import org.opensearch.security.test.helper.file.FileHelper; import org.opensearch.security.user.AuthCredentials; import org.opensearch.security.util.FakeRestRequest; @@ -160,7 +160,7 @@ public void basicTest() throws Exception { private TestRestChannel sendToAuthenticator(HTTPSamlAuthenticator samlAuthenticator, RestRequest request) { TestRestChannel testChannel = new TestRestChannel(request); - SecurityRestRequestChannel tokenRestChannel = (SecurityRestRequestChannel) SecurityRequestFactory.from(request, testChannel); + OpenSearchRequestChannel tokenRestChannel = (OpenSearchRequestChannel) SecurityRequestFactory.from(request, testChannel); samlAuthenticator.reRequestAuthentication(tokenRestChannel, null); return testChannel;