Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add extensionName() to security extension #79426

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -115,4 +115,8 @@ default AuthenticationFailureHandler getAuthenticationFailureHandler(SecurityCom
default AuthorizationEngine getAuthorizationEngine(Settings settings) {
return null;
}

default String extensionName() {
return getClass().getName();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.xcontent.NamedXContentRegistry;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.env.Environment;
Expand Down Expand Up @@ -597,7 +598,7 @@ Collection<Object> createComponents(Client client, ThreadPool threadPool, Cluste
extensionComponents
);
if (providers != null && providers.isEmpty() == false) {
customRoleProviders.put(extension.toString(), providers);
customRoleProviders.put(extension.extensionName(), providers);
}
}

Expand Down Expand Up @@ -695,37 +696,15 @@ auditTrailService, failureHandler, threadPool, anonymousUser, getAuthorizationEn
}

private AuthorizationEngine getAuthorizationEngine() {
AuthorizationEngine authorizationEngine = null;
String extensionName = null;
for (SecurityExtension extension : securityExtensions) {
final AuthorizationEngine extensionEngine = extension.getAuthorizationEngine(settings);
if (extensionEngine != null && authorizationEngine != null) {
throw new IllegalStateException("Extensions [" + extensionName + "] and [" + extension.toString() + "] "
+ "both set an authorization engine");
}
authorizationEngine = extensionEngine;
extensionName = extension.toString();
}

if (authorizationEngine != null) {
logger.debug("Using authorization engine from extension [" + extensionName + "]");
}
return authorizationEngine;
return findValueFromExtensions("authorization engine", extension -> extension.getAuthorizationEngine(settings));
}

private AuthenticationFailureHandler createAuthenticationFailureHandler(final Realms realms,
final SecurityExtension.SecurityComponents components) {
AuthenticationFailureHandler failureHandler = null;
String extensionName = null;
for (SecurityExtension extension : securityExtensions) {
AuthenticationFailureHandler extensionFailureHandler = extension.getAuthenticationFailureHandler(components);
if (extensionFailureHandler != null && failureHandler != null) {
throw new IllegalStateException("Extensions [" + extensionName + "] and [" + extension.toString() + "] "
+ "both set an authentication failure handler");
}
failureHandler = extensionFailureHandler;
extensionName = extension.toString();
}
AuthenticationFailureHandler failureHandler = findValueFromExtensions(
"authentication failure handler",
extension -> extension.getAuthenticationFailureHandler(components)
);
if (failureHandler == null) {
logger.debug("Using default authentication failure handler");
Supplier<Map<String, List<String>>> headersSupplier = () -> {
Expand Down Expand Up @@ -762,12 +741,48 @@ private AuthenticationFailureHandler createAuthenticationFailureHandler(final Re
getLicenseState().addListener(() -> {
finalDefaultFailureHandler.setHeaders(headersSupplier.get());
});
} else {
logger.debug("Using authentication failure handler from extension [" + extensionName + "]");
}
return failureHandler;
}

/**
* Calls the provided function for each configured extension and return the value that was generated by the extensions.
* If multiple extensions provide a value, throws {@link IllegalStateException}.
* If no extensions provide a value (or if there are no extensions) returns {@code null}.
*/
@Nullable
private <T> T findValueFromExtensions(String valueType, Function<SecurityExtension, T> method) {
T foundValue = null;
String fromExtension = null;
for (SecurityExtension extension : securityExtensions) {
final T extensionValue = method.apply(extension);
if (extensionValue == null) {
continue;
}
if (foundValue == null) {
foundValue = extensionValue;
fromExtension = extension.extensionName();
} else {
throw new IllegalStateException(
"Extensions ["
+ fromExtension
+ "] and ["
+ extension.extensionName()
+ "] "
+ " both attempted to provide a value for ["
+ valueType
+ "]"
);
}
}
if (foundValue == null) {
return null;
} else {
logger.debug("Using [{}] [{}] from extension [{}]", valueType, foundValue, fromExtension);
return foundValue;
}
}

@Override
public Settings additionalSettings() {
return additionalSettings(settings, enabled, transportClientMode);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ public class ExampleSecurityExtension implements SecurityExtension {
});
}

@Override
public String extensionName() {
return "example";
}

@Override
public Map<String, Realm.Factory> getRealms(SecurityComponents components) {
final Map<String, Realm.Factory> map = new HashMap<>();
Expand Down