From a1c0c7b14cb17da38ace723eb98fd28c6d908f86 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 29 Aug 2024 12:37:10 -0400 Subject: [PATCH] Interim build fix for PluginSubject related changes (#4690) Signed-off-by: Craig Perkins --- .../security/OpenSearchSecurityPlugin.java | 10 ++++- .../security/identity/NoopPluginSubject.java | 41 +++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 src/main/java/org/opensearch/security/identity/NoopPluginSubject.java diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 509b98f12e..d81499f7d6 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -109,6 +109,7 @@ import org.opensearch.http.HttpServerTransport; import org.opensearch.http.HttpServerTransport.Dispatcher; import org.opensearch.http.netty4.ssl.SecureNetty4HttpServerTransport; +import org.opensearch.identity.PluginSubject; import org.opensearch.identity.Subject; import org.opensearch.identity.noop.NoopSubject; import org.opensearch.index.IndexModule; @@ -119,6 +120,7 @@ import org.opensearch.plugins.ExtensionAwarePlugin; import org.opensearch.plugins.IdentityPlugin; import org.opensearch.plugins.MapperPlugin; +import org.opensearch.plugins.Plugin; import org.opensearch.plugins.SecureHttpTransportSettingsProvider; import org.opensearch.plugins.SecureSettingsFactory; import org.opensearch.plugins.SecureTransportSettingsProvider; @@ -164,6 +166,7 @@ import org.opensearch.security.hasher.PasswordHasherFactory; import org.opensearch.security.http.NonSslHttpServerTransport; import org.opensearch.security.http.XFFResolver; +import org.opensearch.security.identity.NoopPluginSubject; import org.opensearch.security.identity.SecurityTokenManager; import org.opensearch.security.privileges.PrivilegesEvaluator; import org.opensearch.security.privileges.PrivilegesInterceptor; @@ -2102,7 +2105,7 @@ private static String handleKeyword(final String field) { } @Override - public Subject getSubject() { + public Subject getCurrentSubject() { // Not supported return new NoopSubject(); } @@ -2112,6 +2115,11 @@ public SecurityTokenManager getTokenManager() { return tokenManager; } + @Override + public PluginSubject getPluginSubject(Plugin plugin) { + return new NoopPluginSubject(threadPool); + } + @Override public Optional getSecureSettingFactory(Settings settings) { return Optional.of(new OpenSearchSecureSettingsFactory(threadPool, sks, sslExceptionHandler, securityRestHandler)); diff --git a/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java b/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java new file mode 100644 index 0000000000..a65fd3337e --- /dev/null +++ b/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java @@ -0,0 +1,41 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package org.opensearch.security.identity; + +import java.security.Principal; +import java.util.concurrent.Callable; + +import org.opensearch.common.util.concurrent.ThreadContext; +import org.opensearch.identity.NamedPrincipal; +import org.opensearch.identity.PluginSubject; +import org.opensearch.threadpool.ThreadPool; + +public class NoopPluginSubject implements PluginSubject { + private final ThreadPool threadPool; + + public NoopPluginSubject(ThreadPool threadPool) { + super(); + this.threadPool = threadPool; + } + + @Override + public Principal getPrincipal() { + return NamedPrincipal.UNAUTHENTICATED; + } + + @Override + public T runAs(Callable callable) throws Exception { + try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) { + return callable.call(); + } + } +}