Add permissions checks with logging
Signed-off-by: Peter Nied <[email protected]>
peternied committed Jan 11, 2023
1 parent 2237639 commit 6e0eb0a
Showing 2 changed files with 28 additions and 1 deletion.
Expand Up @@ -20,6 +20,9 @@
* @opensearch.internal
*/
public class InternalSubject implements Subject {

private static final Logger LOG = LogManager.getLogger(this.getClass());

private final org.apache.shiro.subject.Subject shiroSubject;

public InternalSubject(org.apache.shiro.subject.Subject subject) {
Expand Down Expand Up @@ -69,4 +72,24 @@ public void login(AuthenticationToken authenticationToken) {
// Login via shiro realm.
shiroSubject.login(authToken);
}

@Override
public UnauthorizedException checkPermission(final List<String> permissions) {
LOG.debug("Check for permission: " + permissions.stream().collect(Collectors.joining(", ")));

final List<String> unauthorizedPermissions = permissions
.stream()
.filter(p -> !shiroSubject.isPermitted(p))
.collect(Collectors.toList());

if (unauthorizedPermissions.isEmpty()) {
return null;
}

return new UnauthorizedException("Missing the following permissions: " + permissionsAsString(unauthorizedPermissions));
}

private static String permissionsAsString(final List<String> permissions) {
return permissions.stream().collect(Collectors.joining(", ");
}
}
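Review bot: `checkPermission` signals a denial only through its return value, so a caller that ignores the result proceeds as if authorized, and within this method the denial is never logged; only the request is, at debug level. Consider recording the refused permissions with the subject's principal before returning, e.g. `LOG.warn("Permission check failed for {}: missing {}", getPrincipal(), unauthorizedPermissions);`, and documenting the null-means-allowed contract on the method. Separately, the new code does not compile as shown: `this.getClass()` cannot be used in a static field initializer (use `LogManager.getLogger(InternalSubject.class)`), and `Collectors.joining(", ");` in `permissionsAsString` is missing a closing parenthesis. The same static-logger defect appears in the NoopSubject section, and this section shows no added imports for `Logger`, `LogManager`, `List` or `Collectors`, so confirm they are already in scope.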
Expand Up @@ -13,6 +13,8 @@
import java.util.stream.Collectors;
import java.util.List;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.authn.tokens.AuthenticationToken;
import org.opensearch.authn.Subject;
import org.opensearch.authn.Principals;
Expand All @@ -28,6 +30,8 @@
*/
public class NoopSubject implements Subject {

private static final Logger LOG = LogManager.getLogger(this.getClass());

@Override
public Principal getPrincipal() {
return Principals.UNAUTHENTICATED.getPrincipal();
Expand Down Expand Up @@ -61,7 +65,7 @@ public void login(AuthenticationToken authenticationToken) {

@Override
public UnauthorizedException checkPermission(final List<String> permissions) {
System.err.println("Check for permission: " + permissions.stream().collect(Collectors.joining(", ")));
LOG.debug("Check for permission: " + permissions.stream().collect(Collectors.joining(", ")));
return null;
}
}
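Review bot: With the message moved from `System.err` to `LOG.debug`, nothing at default log levels records that `NoopSubject.checkPermission` approved the request without evaluating it (`return null` for every input). If this subject can be reached outside tests, which is not visible from this page, consider making the bypass visible, e.g. `LOG.warn("NoopSubject allowed {} without evaluation", permissions);`, or at least add a comment on the method stating that it always permits. The message is also built by eager string concatenation; `LOG.debug("Check for permission: {}", permissions);` avoids the stream/join work when debug logging is disabled.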
