/**
 * Builds a new {@link ThreadContext} from {@code Settings.EMPTY} and stores the
 * given principal on it as a transient under
 * {@code ConfigConstants.SG_SSL_PRINCIPAL}.
 *
 * @param sslPrincipal the value to store; it is passed through unchanged
 * @return the newly created context
 */
private ThreadContext newThreadContext(String sslPrincipal) {
    final ThreadContext ctx = new ThreadContext(Settings.EMPTY);
    ctx.putTransient(ConfigConstants.SG_SSL_PRINCIPAL, sslPrincipal);
    return ctx;
}
InetAddress iAdress = InetAddress.getByName(ipAndPort[0]); int port = Integer.parseInt(ipAndPort[1]); threadPool.getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, new TransportAddress(iAdress, port)); } catch (UnknownHostException | NumberFormatException e) { log.error("Cannot parse remote IP or port: {}, user injection failed.", parts[2], e); threadPool.getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, xffResolver.resolve(request)); threadPool.getThreadContext().putTransient(ConfigConstants.SG_USER, user); auditLog.logSucceededLogin(parts[0], true, null, request); if (log.isTraceEnabled()) {
/**
 * Marks the thread context of an incoming transport request as either an
 * inter-cluster request or a trusted-cluster request, then delegates to the
 * superclass.
 * <p>
 * The two headers {@code _sg_header_tn} and {@code _sg_remotecn} are read only
 * after {@code requestEvalProvider.isInterClusterRequest(...)} has accepted the
 * request for the given certificates and principal. If that check fails, no
 * marker is set here.
 * <p>
 * NOTE(review): where the two headers are populated is not visible in this
 * excerpt. Confirm that a peer which passes the certificate check is meant to
 * be able to select between the two markers through header values.
 *
 * @param action     name of the transport action
 * @param request    the incoming transport request
 * @param localCerts certificates handed to the inter-cluster evaluation
 * @param peerCerts  peer certificates handed to the inter-cluster evaluation
 * @param principal  principal handed to the inter-cluster evaluation
 * @throws Exception propagated from the evaluation or from the superclass
 */
@Override
protected void addAdditionalContextValues(final String action, final TransportRequest request,
        final X509Certificate[] localCerts, final X509Certificate[] peerCerts, final String principal)
        throws Exception {
    if (!requestEvalProvider.isInterClusterRequest(request, localCerts, peerCerts, principal)) {
        if (log.isTraceEnabled()) {
            log.trace("Is not an inter cluster request");
        }
    } else {
        final boolean tnHeaderSet = Boolean.parseBoolean(getThreadContext().getHeader("_sg_header_tn"));
        // Short-circuit on purpose: the cluster-name comparison only runs when the tn header is not "true".
        final boolean treatAsInterCluster = tnHeaderSet
                || cs.getClusterName().value().equals(getThreadContext().getHeader("_sg_remotecn"));

        if (treatAsInterCluster && log.isTraceEnabled() && !action.startsWith("internal:")) {
            log.trace("Is inter cluster request ({}/{}/{})", action, request.getClass(), request.remoteAddress());
        }

        final String marker = treatAsInterCluster
                ? ConfigConstants.SG_SSL_TRANSPORT_INTERCLUSTER_REQUEST
                : ConfigConstants.SG_SSL_TRANSPORT_TRUSTED_CLUSTER_REQUEST;
        getThreadContext().putTransient(marker, Boolean.TRUE);
    }

    super.addAdditionalContextValues(action, request, localCerts, peerCerts, principal);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Copies the request header named by {@code ConfigConstants.SG_INJECTED_USER}
 * into the thread context as a transient under the same key, then hands the
 * request to the wrapped dispatcher.
 * <p>
 * NOTE(review): the header value comes straight from the incoming REST request
 * and is stored without any check in this method. Whatever later reads this
 * transient has to decide whether user injection is enabled and whether the
 * sender may use it. Confirm that gate exists in the consumer.
 */
@Override
public void dispatchRequest(RestRequest request, RestChannel channel, ThreadContext threadContext) {
    final String injectedUser = request.header(ConfigConstants.SG_INJECTED_USER);
    threadContext.putTransient(ConfigConstants.SG_INJECTED_USER, injectedUser);
    originalDispatcher.dispatchRequest(request, channel, threadContext);
}
/**
 * Bad-request counterpart of the dispatcher wrapper. Copies the request header
 * named by {@code ConfigConstants.SG_INJECTED_USER} into the thread context as
 * a transient under the same key, then forwards the request and its cause to
 * the wrapped dispatcher.
 * <p>
 * NOTE(review): the header value is taken from the incoming request and is not
 * checked here, even though the request has already been classified as bad.
 * Confirm that the consumer of this transient gates on user injection being
 * enabled and trusted.
 */
@Override
public void dispatchBadRequest(RestRequest request, RestChannel channel, ThreadContext threadContext,
        Throwable cause) {
    final String injectedUser = request.header(ConfigConstants.SG_INJECTED_USER);
    threadContext.putTransient(ConfigConstants.SG_INJECTED_USER, injectedUser);
    originalDispatcher.dispatchBadRequest(request, channel, threadContext, cause);
}
} // closes the enclosing type, whose header is outside this excerpt
// Sets the SG_XFF_DONE transient to TRUE on this context.
// NOTE(review): presumably read later to tell that X-Forwarded-For handling already ran; confirm against the reader of this flag.
threadContext.putTransient(ConfigConstants.SG_XFF_DONE, Boolean.TRUE);
private boolean checkAndAuthenticateRequest(RestRequest request, RestChannel channel, NodeClient client) throws Exception { threadContext.putTransient(ConfigConstants.SG_ORIGIN, Origin.REST.toString()); if((sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, request, principalExtractor)) != null) { if(sslInfo.getPrincipal() != null) { threadContext.putTransient("_sg_ssl_principal", sslInfo.getPrincipal()); threadContext.putTransient("_sg_ssl_peer_certificates", sslInfo.getX509Certs()); threadContext.putTransient("_sg_ssl_protocol", sslInfo.getProtocol()); threadContext.putTransient("_sg_ssl_cipher", sslInfo.getCipher());
threadPool.getThreadContext().putTransient(ConfigConstants.SG_USER, new User(sslPrincipal)); auditLog.logSucceededLogin(sslPrincipal, true, null, request); return true; threadContext.putTransient(ConfigConstants.SG_REMOTE_ADDRESS, remoteAddress); threadContext.putTransient(ConfigConstants.SG_USER, impersonatedUser==null?authenticatedUser:impersonatedUser); auditLog.logSucceededLogin((impersonatedUser==null?authenticatedUser:impersonatedUser).getName(), false, authenticatedUser.getName(), request); } else { threadContext.putTransient(ConfigConstants.SG_USER, User.ANONYMOUS); auditLog.logSucceededLogin(User.ANONYMOUS.getName(), false, null, request); if(log.isDebugEnabled()) {
// Excerpted statements: the enclosing method and the branch conditions are not part of this listing,
// so the statements are laid out flat and the two "} else {" lines belong to blocks opened outside it.
getThreadContext().putTransient(ConfigConstants.SG_ORIGIN, originHeader);
getThreadContext().putTransient(ConfigConstants.SG_CHANNEL_TYPE, transportChannel.getChannelType());
getThreadContext().putTransient(ConfigConstants.SG_ACTION_NAME, task.getAction());
// NOTE(review): userHeader and originalRemoteAddress are turned into objects by
// Base64Helper.deserializeObject and only then cast and null-checked, so any effect of
// deserialization happens before those checks. Where the two header values come from is not
// visible here. Confirm that only an authenticated cluster peer can set them. If the helper
// uses Java-native deserialization, also confirm it restricts the classes it will instantiate
// (an allow-list, e.g. an ObjectInputFilter).
getThreadContext().putTransient(ConfigConstants.SG_USER, Objects.requireNonNull((User) Base64Helper.deserializeObject(userHeader)));
getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, new TransportAddress((InetSocketAddress) Base64Helper.deserializeObject(originalRemoteAddress)));
getThreadContext().putTransient(ConfigConstants.SG_ORIGIN, Origin.TRANSPORT.toString());
// Same deserialize-then-cast pattern as above; the same review note applies.
getThreadContext().putTransient(ConfigConstants.SG_USER, Objects.requireNonNull((User) Base64Helper.deserializeObject(userHeader)));
getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, new TransportAddress((InetSocketAddress) Base64Helper.deserializeObject(originalRemoteAddress)));
} else {
// In this branch the remote address is taken from the request itself rather than from a header.
getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, request.remoteAddress());
getThreadContext().putTransient(ConfigConstants.SG_USER, user);
TransportAddress originalRemoteAddress = request.remoteAddress();
getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, originalRemoteAddress);
} else {
log.error("Request has no proper remote address {}", originalRemoteAddress);
// Records the origin of this context as Origin.LOCAL (stored in its string form) under SG_ORIGIN.
threadContext.putTransient(ConfigConstants.SG_ORIGIN, Origin.LOCAL.toString());
/**
 * Removes the current context and installs a default context that is marked
 * as originating from the supplied string. Closing the returned
 * {@link StoredContext} restores the context that was removed. Callers should
 * save the current context before calling this method and restore it in any
 * listeners, typically with {@link ContextPreservingActionListener};
 * {@link OriginSettingClient} can be used to do this automatically.
 * <p>
 * Without security the origin is ignored. With security, the origin is used
 * to authorize actions that are made up of many sub-actions. Such actions
 * call {@link #stashWithOrigin} before acting on behalf of a user, so that the
 * sub-actions are allowed even if the user has no permission to perform them
 * directly.
 * <p>
 * For example, a user might not have permission to GET from the tasks index,
 * but the tasks API will perform a get on their behalf using this method if
 * it cannot find the task in memory.
 * <p>
 * NOTE(review): because the origin widens what security authorizes, callers
 * should presumably pass only origin values fixed in code and never one
 * derived from request input. Confirm against the callers.
 *
 * @param origin the origin to record on the new context
 * @return the handle returned by {@code stashContext()} for the removed context
 */
public StoredContext stashWithOrigin(String origin) {
    // Stash first: the origin must land on the context that is current after stashing.
    final StoredContext previous = stashContext();
    putTransient(ACTION_ORIGIN_TRANSIENT_NAME, origin);
    return previous;
}
/**
 * Stores {@code value} as a transient header object under {@code key} in this
 * context. The current thread-local value is asked to {@code putTransient}
 * the pair, and whatever that call returns becomes the new thread-local value.
 *
 * @param key   name of the transient
 * @param value object to store under {@code key}
 */
public void putTransient(String key, Object value) {
    threadLocal.set(
        threadLocal.get().putTransient(key, value)
    );
}
streamIn.setVersion(version); threadPool.getThreadContext().readHeaders(streamIn); threadPool.getThreadContext().putTransient("_remote_address", remoteAddress); if (TransportStatus.isRequest(status)) { handleRequest(channel, profileName, streamIn, requestId, messageLengthBytes, version, remoteAddress, status);
/**
 * Calls {@code stashContext()} on the given thread context, then records
 * {@code origin} under {@code ACTION_ORIGIN_TRANSIENT_NAME} on the context
 * that is current afterwards.
 *
 * @param threadContext the context to stash and mark
 * @param origin        the origin value to record
 * @return the {@link ThreadContext.StoredContext} returned by {@code stashContext()}
 */
public static ThreadContext.StoredContext stashWithOrigin(ThreadContext threadContext, String origin) {
    // Order matters: stash before marking, so the origin is not stashed away with the old context.
    final ThreadContext.StoredContext previous = threadContext.stashContext();
    threadContext.putTransient(ACTION_ORIGIN_TRANSIENT_NAME, origin);
    return previous;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Calls {@code stashContext()} on the given thread context, then records
 * {@code origin} under {@code ACTION_ORIGIN_TRANSIENT_NAME} on the context
 * that is current afterwards.
 *
 * @param threadContext the context to stash and mark
 * @param origin        the origin value to record
 * @return the {@link ThreadContext.StoredContext} returned by {@code stashContext()}
 */
public static ThreadContext.StoredContext stashWithOrigin(ThreadContext threadContext, String origin) {
    // Order matters: stash before marking, so the origin is not stashed away with the old context.
    final ThreadContext.StoredContext previous = threadContext.stashContext();
    threadContext.putTransient(ACTION_ORIGIN_TRANSIENT_NAME, origin);
    return previous;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Marks the thread context of an incoming transport request as either an
 * inter-cluster request or a trusted-cluster request, then delegates to the
 * superclass.
 * <p>
 * The two headers {@code _sg_header_tn} and {@code _sg_remotecn} are read only
 * after {@code requestEvalProvider.isInterClusterRequest(...)} has accepted the
 * request for the given certificates and principal. If that check fails, no
 * marker is set here.
 * <p>
 * NOTE(review): where the two headers are populated is not visible in this
 * excerpt. Confirm that a peer which passes the certificate check is meant to
 * be able to select between the two markers through header values.
 *
 * @param action     name of the transport action
 * @param request    the incoming transport request
 * @param localCerts certificates handed to the inter-cluster evaluation
 * @param peerCerts  peer certificates handed to the inter-cluster evaluation
 * @param principal  principal handed to the inter-cluster evaluation
 * @throws Exception propagated from the evaluation or from the superclass
 */
@Override
protected void addAdditionalContextValues(final String action, final TransportRequest request,
        final X509Certificate[] localCerts, final X509Certificate[] peerCerts, final String principal)
        throws Exception {
    if (!requestEvalProvider.isInterClusterRequest(request, localCerts, peerCerts, principal)) {
        if (log.isTraceEnabled()) {
            log.trace("Is not an inter cluster request");
        }
    } else {
        final boolean tnHeaderSet = Boolean.parseBoolean(getThreadContext().getHeader("_sg_header_tn"));
        // Short-circuit on purpose: the cluster-name comparison only runs when the tn header is not "true".
        final boolean treatAsInterCluster = tnHeaderSet
                || cs.getClusterName().value().equals(getThreadContext().getHeader("_sg_remotecn"));

        if (treatAsInterCluster && log.isTraceEnabled() && !action.startsWith("internal:")) {
            log.trace("Is inter cluster request ({}/{}/{})", action, request.getClass(), request.remoteAddress());
        }

        final String marker = treatAsInterCluster
                ? ConfigConstants.SG_SSL_TRANSPORT_INTERCLUSTER_REQUEST
                : ConfigConstants.SG_SSL_TRANSPORT_TRUSTED_CLUSTER_REQUEST;
        getThreadContext().putTransient(marker, Boolean.TRUE);
    }

    super.addAdditionalContextValues(action, request, localCerts, peerCerts, principal);
}
} // closes the enclosing type, whose header is outside this excerpt
(request, channel) -> { threadPool.getThreadContext().putTransient("boom", new Object()); threadPool.getThreadContext().addResponseHeader("foo.bar", "baz"); if ("fail".equals(request.info)) {
private boolean checkAndAuthenticateRequest(RestRequest request, RestChannel channel, NodeClient client) throws Exception { threadContext.putTransient(ConfigConstants.SG_ORIGIN, Origin.REST.toString()); if((sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, request, principalExtractor)) != null) { if(sslInfo.getPrincipal() != null) { threadContext.putTransient("_sg_ssl_principal", sslInfo.getPrincipal()); threadContext.putTransient("_sg_ssl_peer_certificates", sslInfo.getX509Certs()); threadContext.putTransient("_sg_ssl_protocol", sslInfo.getProtocol()); threadContext.putTransient("_sg_ssl_cipher", sslInfo.getCipher());
streamIn.setVersion(version); threadPool.getThreadContext().readHeaders(streamIn); threadPool.getThreadContext().putTransient("_remote_address", remoteAddress); if (TransportStatus.isRequest(status)) { handleRequest(channel, profileName, streamIn, requestId, messageLengthBytes, version, remoteAddress, status);
// Builds a "ping" request, then puts one header and one transient on the thread pool's current context.
StringMessageRequest ping = new StringMessageRequest("ping");
threadPool.getThreadContext().putHeader("test.ping.user", "ping_user");
// The object stored here is whatever `context` refers to; it is defined outside this excerpt.
threadPool.getThreadContext().putTransient("my_private_context", context);