/**
 * Records the initial action class on the current thread context; the first writer wins.
 *
 * <p>Nothing is written when {@code SG_INITIAL_ACTION_CLASS_HEADER} is already present.
 *
 * @param initialActionClassValue value to store; when {@code null}, {@code resolvedActionClass}
 *                                is stored instead
 * @param resolvedActionClass     fallback value used when no initial value was supplied
 */
private void putInitialActionClassHeader(String initialActionClassValue, String resolvedActionClass) {
    final String headerValue = initialActionClassValue != null ? initialActionClassValue : resolvedActionClass;

    // A value that is already on the context is kept untouched.
    // NOTE(review): where an existing value can come from is not visible here; confirm it
    // cannot be supplied by an untrusted sender.
    if (getThreadContext().getHeader(ConfigConstants.SG_INITIAL_ACTION_CLASS_HEADER) != null) {
        return;
    }
    getThreadContext().putHeader(ConfigConstants.SG_INITIAL_ACTION_CLASS_HEADER, headerValue);
}
getThreadContext().putHeader("_sg_remotecn", cs.getClusterName().value()); getThreadContext().putHeader("_sg_header_tn", "true"); getThreadContext().putHeader( Maps.filterKeys(origHeaders0, k->k!=null && ( k.equals(ConfigConstants.SG_CONF_REQUEST_HEADER) getThreadContext().putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" IC -> "+action+" "+getThreadContext().getHeaders().entrySet().stream().filter(p->!p.getKey().startsWith("_sg_trace")).collect(Collectors.toMap(p -> p.getKey(), p -> p.getValue())));
/**
 * Attaches a serialized {@code SourceFieldsContext} to the thread context for search and get
 * requests that need one, unless the header is already set.
 *
 * @param request the action request being processed; other request types are ignored
 */
private void attachSourceFieldContext(ActionRequest request) {
    final boolean searchNeedsContext =
            request instanceof SearchRequest && SourceFieldsContext.isNeeded((SearchRequest) request);
    // Mirrors the original else-if: the get branch is only considered when the search branch did not match.
    final boolean getNeedsContext = !searchNeedsContext
            && request instanceof GetRequest && SourceFieldsContext.isNeeded((GetRequest) request);

    if (!searchNeedsContext && !getNeedsContext) {
        return;
    }
    if (threadContext.getHeader("_sg_source_field_context") != null) {
        return; // an existing header is never replaced
    }

    final SourceFieldsContext sourceFieldsContext = searchNeedsContext
            ? new SourceFieldsContext((SearchRequest) request)
            : new SourceFieldsContext((GetRequest) request);

    // NOTE(review): the header value is a serialized object; whatever reads it back presumably
    // deserializes it, so it should only be accepted from trusted nodes -- confirm.
    threadContext.putHeader("_sg_source_field_context", Base64Helper.serializeObject(sourceFieldsContext));
}
// Sets SG_CONF_REQUEST_HEADER to "true" on the current thread context.
// NOTE(review): presumably this flag marks the request as an internal configuration request;
// confirm it is only set on a freshly stashed context and never copied from caller-supplied headers.
threadContext.putHeader(ConfigConstants.SG_CONF_REQUEST_HEADER, "true");
threadContext.putHeader(ConfigConstants.SG_MASKED_FIELD_HEADER, Base64Helper.serializeObject((Serializable) maskedFieldsMap)); if (log.isDebugEnabled()) { log.debug("attach masked fields info: {}", maskedFieldsMap); threadContext.putHeader(ConfigConstants.SG_DLS_QUERY_HEADER, Base64Helper.serializeObject((Serializable) dlsQueries)); if (log.isDebugEnabled()) { log.debug("attach DLS info: {}", dlsQueries); threadContext.putHeader(ConfigConstants.SG_FLS_FIELDS_HEADER, Base64Helper.serializeObject((Serializable) flsFields)); if (log.isDebugEnabled()) { log.debug("attach FLS info: {}", flsFields);
/**
 * Fills in the origin, remote-address and user headers on the current thread context when they
 * are not set yet. A header that already exists is never overwritten.
 *
 * @param remoteAdr remote address of the request; only used when it is a {@code TransportAddress}
 * @param origUser  user to record, or {@code null} to leave the user header untouched
 * @param origin    origin to record; {@code null} records {@code Origin.LOCAL}, an empty string
 *                  records nothing
 */
private void ensureCorrectHeaders(final Object remoteAdr, final User origUser, final String origin) {
    // Origin: keep the original one if present, default to LOCAL only when none was passed at all.
    if (origin == null) {
        if (getThreadContext().getHeader(ConfigConstants.SG_ORIGIN_HEADER) == null) {
            getThreadContext().putHeader(ConfigConstants.SG_ORIGIN_HEADER, Origin.LOCAL.toString());
        }
    } else if (!origin.isEmpty()) {
        if (getThreadContext().getHeader(ConfigConstants.SG_ORIGIN_HEADER) == null) {
            getThreadContext().putHeader(ConfigConstants.SG_ORIGIN_HEADER, origin);
        }
    }

    // Remote address: instanceof already rejects null, so no separate null test is needed.
    // NOTE(review): the original carried a commented-out check that threw on a mismatch between
    // an existing header and remoteAdr. With it disabled, a pre-existing header wins silently;
    // confirm that headers arriving from outside are stripped or validated before this point.
    if (remoteAdr instanceof TransportAddress
            && getThreadContext().getHeader(ConfigConstants.SG_REMOTE_ADDRESS_HEADER) == null) {
        getThreadContext().putHeader(ConfigConstants.SG_REMOTE_ADDRESS_HEADER,
                Base64Helper.serializeObject(((TransportAddress) remoteAdr).address()));
    }

    // User: same first-writer-wins rule.
    // NOTE(review): the matching "user mismatch" check is also commented out in the original, so
    // an existing user header is trusted over origUser without comparison -- confirm this is intended.
    if (origUser != null && getThreadContext().getHeader(ConfigConstants.SG_USER_HEADER) == null) {
        getThreadContext().putHeader(ConfigConstants.SG_USER_HEADER, Base64Helper.serializeObject(origUser));
    }
}
// Sets SG_CONF_REQUEST_HEADER to "true" on the current thread context.
// NOTE(review): presumably this flag marks the request as an internal configuration request;
// confirm it is only set on a freshly stashed context and never copied from caller-supplied headers.
threadContext.putHeader(ConfigConstants.SG_CONF_REQUEST_HEADER, "true");
/**
 * Creates a trial license whose start date is the timestamp stored in document {@code sg/tattr}
 * of the Search Guard index, creating that document when it does not exist yet.
 *
 * <p>The lookup runs inside a stashed thread context with {@code SG_CONF_REQUEST_HEADER} set to
 * {@code "true"}; the previous context is restored when the try-with-resources block ends.
 *
 * @param msg message passed through to {@code SearchGuardLicense.createTrialLicense}
 * @return the trial license
 */
private SearchGuardLicense createOrGetTrial(String msg) {
    // Default start date; replaced below when a stored timestamp is found.
    long trialStart = System.currentTimeMillis();
    final ThreadContext threadContext = threadPool.getThreadContext();

    try (StoredContext ignored = threadContext.stashContext()) {
        threadContext.putHeader(ConfigConstants.SG_CONF_REQUEST_HEADER, "true");

        final GetResponse stored = client.prepareGet(searchguardIndex, "sg", "tattr").get();
        if (!stored.isExists()) {
            try {
                // create(true) makes the write fail instead of overwriting an existing marker.
                // The stored timestamp is taken from a second clock read, so it can differ
                // slightly from trialStart.
                client.index(new IndexRequest(searchguardIndex)
                        .type("sg")
                        .id("tattr")
                        .setRefreshPolicy(RefreshPolicy.IMMEDIATE)
                        .create(true)
                        .source("{\"val\": "+System.currentTimeMillis()+"}", XContentType.JSON)).actionGet();
            } catch (VersionConflictEngineException e) {
                // Ignored: the marker already exists.
                // NOTE(review): in this case the local clock value is still used as the start
                // date rather than the stored one -- confirm that is acceptable.
            } catch (Exception e) {
                LOGGER.error("Unable to index tattr", e);
            }
        } else {
            trialStart = (long) stored.getSource().get("val");
        }
    }

    return SearchGuardLicense.createTrialLicense(formatDate(trialStart), clusterService, msg);
}
} // closes the enclosing type, whose opening lies outside this excerpt
// Trace entry: stored under a unique key "_sg_trace<millis>#<uuid>". The value holds the thread
// name, node name, action, the admin/conf/internal flags, the origin transient, the direct-request
// flag, the remote address, and a map of every header whose key does not start with "_sg_trace".
// NOTE(review): the value therefore duplicates the content of all other headers on the context
// inside a new header; confirm this statement is only reached when tracing is explicitly enabled
// and that trace headers are not returned to clients or written to shared logs.
threadContext.putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" FILTER -> "+"Node "+cs.localNode().getName()+" -> "+action+" userIsAdmin="+userIsAdmin+"/conRequest="+confRequest+"/internalRequest="+internalRequest +"origin="+threadContext.getTransient(ConfigConstants.SG_ORIGIN)+"/directRequest="+HeaderHelper.isDirectRequest(threadContext)+"/remoteAddress="+request.remoteAddress()+" "+threadContext.getHeaders().entrySet().stream().filter(p->!p.getKey().startsWith("_sg_trace")).collect(Collectors.toMap(p -> p.getKey(), p -> p.getValue())));
// Three trace entries (tags "DIR", "NETTI", "FIN"), each stored under a unique key
// "_sg_trace<millis>#<uuid>" with the thread name, the channel type and a dump of the headers.
// Only the "NETTI" entry filters out keys starting with "_sg_trace"; the "DIR" and "FIN" entries
// embed getHeaders() unfiltered, so each of them also contains every earlier trace entry.
// NOTE(review): the dumps duplicate the content of all other headers on the context; confirm
// these statements are only reached when tracing is explicitly enabled.
getThreadContext().putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" DIR -> "+transportChannel.getChannelType()+" "+getThreadContext().getHeaders()); getThreadContext().putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" NETTI -> "+transportChannel.getChannelType()+" "+getThreadContext().getHeaders().entrySet().stream().filter(p->!p.getKey().startsWith("_sg_trace")).collect(Collectors.toMap(p -> p.getKey(), p -> p.getValue()))); getThreadContext().putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" FIN -> "+transportChannel.getChannelType()+" "+getThreadContext().getHeaders());
tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf"); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); } finally { try { Header header = encodeBasicHeader("worf", "worf"); tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); try { Header header = encodeBasicHeader("worf", "worf111"); tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); ctx = tc.threadPool().getThreadContext().stashContext(); try { tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "gkar"); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum"); gr = tc.prepareGet("searchguard", "sg", "config").setRealtime(Boolean.TRUE).get(); Assert.assertFalse(gr.isExists()); ctx = tc.threadPool().getThreadContext().stashContext(); try { tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf"); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); } finally { try { Header header = encodeBasicHeader("worf", "worf"); tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); try { Header header = encodeBasicHeader("worf", "worf111"); tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); ctx = tc.threadPool().getThreadContext().stashContext(); try { tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "gkar"); gr = tc.prepareGet("vulcan", "secrets", "s1").get(); Assert.fail(); tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum"); gr = tc.prepareGet("searchguard", "sg", "config").setRealtime(Boolean.TRUE).get(); Assert.assertFalse(gr.isExists()); ctx = tc.threadPool().getThreadContext().stashContext(); try { tc.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
/**
 * Copies the configured HTTP headers into the thread context, then offers the request to each
 * candidate handler until one of them handles it.
 *
 * @param request       incoming REST request
 * @param channel       channel used to send the response
 * @param threadContext context that receives the copied headers
 * @throws Exception propagated from the parameter check, the dispatch or the fallback
 */
void tryAllHandlers(final RestRequest request, final RestChannel channel, final ThreadContext threadContext) throws Exception {
    // Header values are taken verbatim from the HTTP request, i.e. they are client-controlled.
    // The copy happens before the error-trace check below.
    for (String headerName : headersToCopy) {
        final String headerValue = request.header(headerName);
        if (headerValue != null) {
            threadContext.putHeader(headerName, headerValue);
        }
    }

    if (!checkErrorTraceParameter(request, channel)) {
        channel.sendResponse(
                BytesRestResponse.createSimpleErrorResponse(channel, BAD_REQUEST, "error traces in responses are disabled."));
        return;
    }

    // Try every candidate in order; the first successful dispatch ends the method.
    final Iterator<MethodHandlers> candidates = getAllHandlers(request);
    while (candidates.hasNext()) {
        final Optional<RestHandler> candidate =
                Optional.ofNullable(candidates.next()).flatMap(mh -> mh.getHandler(request.method()));
        if (dispatchRequest(request, channel, client, candidate)) {
            return;
        }
    }

    // No handler accepted the request: fall back to a bad-request error.
    handleBadRequest(request, channel);
}
/**
 * Stores the initial action class in the thread context unless a value is already there.
 *
 * @param initialActionClassValue preferred value; may be {@code null}
 * @param resolvedActionClass     value stored when {@code initialActionClassValue} is {@code null}
 */
private void putInitialActionClassHeader(String initialActionClassValue, String resolvedActionClass) {
    // Both branches of the original differed only in the value written, so pick the value first.
    final String valueToStore;
    if (initialActionClassValue == null) {
        valueToStore = resolvedActionClass;
    } else {
        valueToStore = initialActionClassValue;
    }

    // First writer wins: an existing header is left as it is.
    final boolean headerMissing =
            getThreadContext().getHeader(ConfigConstants.SG_INITIAL_ACTION_CLASS_HEADER) == null;
    if (headerMissing) {
        getThreadContext().putHeader(ConfigConstants.SG_INITIAL_ACTION_CLASS_HEADER, valueToStore);
    }
}
/**
 * Puts a serialized {@code SourceFieldsContext} into the {@code _sg_source_field_context} header
 * when the request is a search or get request that needs one and the header is still unset.
 *
 * @param request the action request being processed
 */
private void attachSourceFieldContext(ActionRequest request) {
    final boolean isSearchCase =
            request instanceof SearchRequest && SourceFieldsContext.isNeeded((SearchRequest) request);
    // Only evaluated when the search case did not apply, like the original else-if.
    final boolean isGetCase = !isSearchCase
            && request instanceof GetRequest && SourceFieldsContext.isNeeded((GetRequest) request);

    if (isSearchCase || isGetCase) {
        final boolean headerUnset = threadContext.getHeader("_sg_source_field_context") == null;
        if (headerUnset) {
            final SourceFieldsContext fieldsContext;
            if (isSearchCase) {
                fieldsContext = new SourceFieldsContext((SearchRequest) request);
            } else {
                fieldsContext = new SourceFieldsContext((GetRequest) request);
            }
            // NOTE(review): the header carries a serialized object; the consumer of this header
            // presumably deserializes it and should accept it from trusted nodes only -- confirm.
            final String serializedSourceFieldContext = Base64Helper.serializeObject(fieldsContext);
            threadContext.putHeader("_sg_source_field_context", serializedSourceFieldContext);
        }
    }
}
/**
 * Forwards the response to {@code searchResponseListener}; when that listener asks for a retry,
 * re-runs the search with a rewritten source and reranking switched off.
 *
 * @param response the response to forward
 * @throws ElasticsearchException when the retry request cannot rewrite the source
 */
@Override
public void onResponse(final Response response) {
    try {
        searchResponseListener.onResponse(response);
    } catch (final RetrySearchException retry) {
        // The retried search carries DYNARANK_RERANK_ENABLE=false in the thread context.
        // NOTE(review): whether putHeader tolerates a key that is already present is not
        // visible here -- confirm.
        threadPool.getThreadContext().putHeader(DYNARANK_RERANK_ENABLE, Boolean.FALSE.toString());

        // Restore the paging values before the source is rewritten.
        source.size(size);
        source.from(from);
        // Result intentionally unused in the original; kept so behavior stays the same.
        source.toString();

        final SearchSourceBuilder rewritten = retry.rewrite(source);
        if (rewritten == null) {
            throw new ElasticsearchException("Failed to rewrite source: " + source);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Original Query: \n{}\nRewrited Query: \n{}", source, rewritten);
        }

        request.source(rewritten);
        @SuppressWarnings("unchecked")
        final ActionListener<SearchResponse> retryListener = (ActionListener<SearchResponse>) listener;
        client.search(request, retryListener);
    }
}
/**
 * Hands the response to {@code searchResponseListener}. If the listener throws a
 * {@code RetrySearchException}, the search is issued again with the rewritten source.
 *
 * @param response the response to hand over
 * @throws ElasticsearchException when rewriting the source yields {@code null}
 */
@Override
public void onResponse(final Response response) {
    try {
        searchResponseListener.onResponse(response);
    } catch (final RetrySearchException retryRequest) {
        // Switch reranking off for the follow-up search via the thread context.
        final String rerankDisabled = Boolean.FALSE.toString();
        threadPool.getThreadContext().putHeader(DYNARANK_RERANK_ENABLE, rerankDisabled);

        source.size(size);
        source.from(from);
        source.toString(); // return value discarded, as in the original

        final SearchSourceBuilder rewrittenSource = retryRequest.rewrite(source);
        if (rewrittenSource == null) {
            throw new ElasticsearchException("Failed to rewrite source: " + source);
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Original Query: \n{}\nRewrited Query: \n{}", source, rewrittenSource);
        }

        // Re-run the search with the rewritten source on the same request object.
        request.source(rewrittenSource);
        @SuppressWarnings("unchecked")
        final ActionListener<SearchResponse> typedListener = (ActionListener<SearchResponse>) listener;
        client.search(request, typedListener);
    }
}
/**
 * Adds the configured {@code Authorization} value to the thread context when TCP authentication
 * is enabled and no such header exists yet, then delegates to the wrapped sender.
 *
 * @param connection connection to send on
 * @param action     transport action name
 * @param request    request to send
 * @param options    transport options
 * @param handler    response handler
 */
@Override
public <T extends TransportResponse> void sendRequest(Transport.Connection connection, String action,
                                                      TransportRequest request, TransportRequestOptions options,
                                                      TransportResponseHandler<T> handler) {
    if (bucklerConfig.getAuthConfig().isEnabledForTcp()) {
        final String configuredAuthorization = bucklerConfig.getAuthConfig().getAuthorization();
        final boolean headerAlreadySet = threadContext.getHeader("Authorization") != null;
        // An Authorization header that is already on the context takes precedence over the
        // configured one.
        // NOTE(review): the configured value travels as a plain header; confirm the transport
        // is encrypted and that headers are not logged.
        if (!headerAlreadySet) {
            threadContext.putHeader("Authorization", configuredAuthorization);
        }
    }
    sender.sendRequest(connection, action, request, options, handler);
}
} // closes the enclosing type, whose opening lies outside this excerpt
/**
 * Checks the pong response and the thread context seen by the response handler, then adds a
 * temporary header to that context.
 *
 * @param response the response under test
 */
@Override
public void handleResponse(StringMessageResponse response) {
    assertThat("pong", equalTo(response.message));

    // The handler must see the "ping" header and must not see the "pong" one.
    final String pingUser = threadPool.getThreadContext().getHeader("test.ping.user");
    assertEquals("ping_user", pingUser);
    final String pongUser = threadPool.getThreadContext().getHeader("test.pong.user");
    assertNull(pongUser);

    // The transient must be the very same instance, not merely an equal one.
    final Object privateContext = threadPool.getThreadContext().getTransient("my_private_context");
    assertSame(context, privateContext);

    // NOTE(review): presumably the surrounding test later verifies that this header does not
    // leak out of the handler's context -- that check is not visible here.
    threadPool.getThreadContext().putHeader("some.temp.header", "booooom");
}
/**
 * Validates the request parameters, copies the configured HTTP headers into the thread context
 * and hands the request to the wrapped handler, or answers directly when there is no handler.
 *
 * @param request       incoming REST request
 * @param channel       channel used to send the response
 * @param client        node client passed on to the handler
 * @param threadContext context that receives the copied headers
 * @param handler       handler for the request, or {@code null} when none was found
 * @throws Exception propagated from the handler
 */
void dispatchRequest(final RestRequest request, final RestChannel channel, final NodeClient client,
                     ThreadContext threadContext, final RestHandler handler) throws Exception {
    if (!checkRequestParameters(request, channel)) {
        channel.sendResponse(
                BytesRestResponse.createSimpleErrorResponse(channel, BAD_REQUEST, "error traces in responses are disabled."));
        return;
    }

    // Header values come verbatim from the HTTP request, i.e. they are client-controlled.
    for (String headerName : headersToCopy) {
        final String headerValue = request.header(headerName);
        if (headerValue != null) {
            threadContext.putHeader(headerName, headerValue);
        }
    }

    if (handler != null) {
        // The wrapper must not return null; fail fast if it does.
        final RestHandler wrappedHandler = Objects.requireNonNull(handlerWrapper.apply(handler));
        wrappedHandler.handleRequest(request, channel, client);
        return;
    }

    if (request.method() == RestRequest.Method.OPTIONS) {
        // OPTIONS without a handler: answer OK by default (the Access Control Origin header
        // gets added automatically).
        channel.sendResponse(new BytesRestResponse(OK, BytesRestResponse.TEXT_CONTENT_TYPE, BytesArray.EMPTY));
    } else {
        // NOTE(review): the message echoes the client-supplied URI; confirm this response is
        // served as plain text so the echoed value cannot be interpreted as markup.
        final String msg = "No handler found for uri [" + request.uri() + "] and method [" + request.method() + "]";
        channel.sendResponse(new BytesRestResponse(BAD_REQUEST, msg));
    }
}