Resolves compileJava failure and adds new constructor for InternalAut…

…h Manager Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
opensearch-project · Nov 1, 2022 · fb823c6 · fb823c6
1 parent d31c129
commit fb823c6
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 20 deletions.
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/HttpHeaderToken.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/HttpHeaderToken.java
@@ -8,8 +8,6 @@
 
 package org.opensearch.authn;
 
-import org.apache.shiro.authc.AuthenticationToken;
-
 public class HttpHeaderToken implements AuthenticationToken {
 
     public final static String HEADER_NAME = "Authorization";
@@ -22,14 +20,4 @@ public HttpHeaderToken(final String headerValue) {
     public String getHeaderValue() {
         return headerValue;
     }
-
-    @Override
-    public Object getPrincipal() {
-        return null;
-    }
-
-    @Override
-    public Object getCredentials() {
-        return null;
-    }
 }
diff --git a/server/src/main/java/org/opensearch/identity/AuthenticationTokenHandler.java b/server/src/main/java/org/opensearch/identity/AuthenticationTokenHandler.java
@@ -26,7 +26,7 @@ public class AuthenticationTokenHandler {
      * @param authenticationToken the token from which to extract
      * @return the extracted shiro auth token to be used to perform login
      */
-    public static AuthenticationToken extractAuthToken(org.opensearch.authn.AuthenticationToken authenticationToken) {
+    public static AuthenticationToken extractShiroAuthToken(org.opensearch.authn.AuthenticationToken authenticationToken) {
         AuthenticationToken authToken = null;
 
         if (authenticationToken instanceof HttpHeaderToken) {

diff --git a/server/src/main/java/org/opensearch/identity/internal/InternalAuthenticationManager.java b/server/src/main/java/org/opensearch/identity/internal/InternalAuthenticationManager.java
@@ -30,6 +30,10 @@ public InternalAuthenticationManager() {
         SecurityUtils.setSecurityManager(securityManager);
     }
 
+    public InternalAuthenticationManager(SecurityManager securityManager) {
+        SecurityUtils.setSecurityManager(securityManager);
+    }
+
     @Override
     public Subject getSubject() {
         return new InternalSubject(SecurityUtils.getSubject());

diff --git a/server/src/main/java/org/opensearch/identity/internal/InternalSubject.java b/server/src/main/java/org/opensearch/identity/internal/InternalSubject.java
@@ -60,7 +60,7 @@ public String toString() {
      */
     public void login(AuthenticationToken authenticationToken) {
 
-        org.apache.shiro.authc.AuthenticationToken authToken = AuthenticationTokenHandler.extractAuthToken(authenticationToken);
+        org.apache.shiro.authc.AuthenticationToken authToken = AuthenticationTokenHandler.extractShiroAuthToken(authenticationToken);
 
         // Unsupported auth header found
         if (authToken == null) {

diff --git a/server/src/main/java/org/opensearch/rest/SecurityRestFilter.java b/server/src/main/java/org/opensearch/rest/SecurityRestFilter.java
@@ -7,8 +7,10 @@
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.opensearch.authn.AuthenticationToken;
 import org.opensearch.authn.HttpHeaderToken;
 import org.opensearch.authn.Principals;
+import org.opensearch.authn.Subject;
 import org.opensearch.client.node.NodeClient;
 import org.opensearch.identity.Identity;
 
@@ -18,8 +20,6 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import static org.opensearch.node.Node.INTERNAL_REALM;
-
 /**
  * Adds a wrapper to all rest requests to add authentication mechanism
  *
@@ -91,12 +91,16 @@ private boolean authenticate(RestRequest request, RestChannel channel, NodeClien
             .stream()
             .findFirst();
 
+        Subject subject = null;
         // TODO: Handle anonymous Auth - Allowed or Disallowed (set by the user of the system) - 401 or Login-redirect ??
 
         if (authHeader.isPresent()) {
             try {
-                HttpHeaderToken token = new HttpHeaderToken(authHeader.get()); // support other type of header tokens
-                INTERNAL_REALM.authenticateWithToken(token); // set subject should happen here via Subject.login()
+                // support other type of header tokens
+                AuthenticationToken token = new HttpHeaderToken(authHeader.get());
+
+                subject = Identity.getAuthManager().getSubject();
+                subject.login(token);
                 return true;
             } catch (final Exception e) {
                 final BytesRestResponse bytesRestResponse = BytesRestResponse.createSimpleErrorResponse(
@@ -110,8 +114,7 @@ private boolean authenticate(RestRequest request, RestChannel channel, NodeClien
         }
 
         // proceed to check if Auth Header was missing
-        boolean isUnauthenticatedPrincipal = Identity.getAuthManager()
-            .getSubject()
+        boolean isUnauthenticatedPrincipal = subject
             .getPrincipal()
             .equals(Principals.UNAUTHENTICATED.getPrincipal());