From 7bcd6644d75406bc74a86beb2c8ce6d5fe9c927e Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Thu, 28 Oct 2021 11:38:38 +1100 Subject: [PATCH 1/2] Skip automatically preserved request headers when rewriting In #79412 we fixed a bug that request headers got dropped when the request is sent across to a node of different version. The fix is to restore all existing request headers during the threadContext rewriting. However, there are headers that are always automatically preserved by the ThreadContext infrastructure, e.g. x-opaque-id. This causes failures when the code tries to re-add the x-opaque-id header since it already exists. An example of this issue is for CCS where the remote cluster is often on a different version compared to the local cluster. Resolves: #79412 --- .../elasticsearch/xpack/core/security/SecurityContext.java | 2 +- .../elasticsearch/xpack/security/SecurityContextTests.java | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java index 59c62f61fe7c..8cfc967fa7a9 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java @@ -175,7 +175,7 @@ public void executeAfterRewritingAuthentication(Consumer consumer ) ); existingRequestHeaders.forEach((k, v) -> { - if (false == AuthenticationField.AUTHENTICATION_KEY.equals(k)) { + if (threadContext.getHeader(k) == null) { threadContext.putHeader(k, v); } }); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java index f64ad4572e78..f5e9255baf95 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityContextTests.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext; +import org.elasticsearch.tasks.Task; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.security.SecurityContext; @@ -124,7 +125,11 @@ public void testExecuteAfterRewritingAuthentication() throws IOException { AuthenticationField.PRIVILEGE_CATEGORY_KEY, randomAlphaOfLengthBetween(3, 10), randomAlphaOfLengthBetween(3, 8), - randomAlphaOfLengthBetween(3, 8) + randomAlphaOfLengthBetween(3, 8), + Task.X_OPAQUE_ID, + randomAlphaOfLength(10), + Task.TRACE_ID, + randomAlphaOfLength(20) ); threadContext.putHeader(requestHeaders); From 57ecf8f9704563c12d465580e274d875a9351d09 Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Thu, 28 Oct 2021 11:51:37 +1100 Subject: [PATCH 2/2] checkstyle --- .../org/elasticsearch/xpack/core/security/SecurityContext.java | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java index 8cfc967fa7a9..e78cb5392f61 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java @@ -21,7 +21,6 @@ import org.elasticsearch.xcontent.XContentType; import org.elasticsearch.xpack.core.security.authc.Authentication; import org.elasticsearch.xpack.core.security.authc.Authentication.AuthenticationType; -import org.elasticsearch.xpack.core.security.authc.AuthenticationField; import org.elasticsearch.xpack.core.security.authc.support.AuthenticationContextSerializer; import org.elasticsearch.xpack.core.security.authc.support.SecondaryAuthentication; import org.elasticsearch.xpack.core.security.user.User;