

Moved isAuthenticated check to InternalSubject before attempting login
Signed-off-by: Darshit Chanpura <[email protected]>
DarshitChanpura committed Dec 7, 2022
1 parent 5d449c0 commit 5db6f1b
Showing 3 changed files with 12 additions and 19 deletions.
Expand Up @@ -69,7 +69,7 @@ private static AuthenticationToken handleBasicAuth(final BasicAuthToken token) {
return null;
}

logger.info("Logging in as: " + username);
logger.info("Attempting authentication as: " + username);

return new UsernamePasswordToken(username, password);
}
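Review bot: The new message on the `logger.info` line still concatenates `username`, a value taken straight from the Authorization header, into the log record, so a crafted header can embed newlines and forge or split log lines. If `logger` is a log4j2 Logger as elsewhere in OpenSearch, prefer the parameterized form `logger.info("Attempting authentication as: {}", username);` and rely on a pattern-layout encoder or an explicit newline-stripping step for the value, since parameterization alone does not neutralise control characters. It is also worth deciding whether every attempt belongs at INFO rather than DEBUG, given that this line fires once per authenticated request. handleBasicAuth starts outside the hunk.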
Expand Up @@ -65,6 +65,16 @@ public String toString() {
*/
public void login(AuthenticationToken authenticationToken) {
org.apache.shiro.authc.AuthenticationToken authToken = AuthenticationTokenHandler.extractShiroAuthToken(authenticationToken);

// If already authenticated, do not check login info again
/*
TODO: understand potential repercussions in following situations:
1. How to handle this in password change situations
2. Can two subjects in same environment have same principal name? if so the following check is invalid
*/
if (this.isAuthenticated() && this.getPrincipal().getName().equals(authToken.getPrincipal())) {
return;
}
// Login via shiro realm.
shiroSubject.login(authToken);
}
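Review bot: The early return on the `if (this.isAuthenticated() && ...)` line accepts a request whose token principal matches the already-authenticated principal without the realm ever checking the token's credential, so a wrong password presented for an already-authenticated subject is not rejected; the TODO above it hints at this, but the method's Javadoc (which ends at the `*/` line just above `login`) should state it plainly, e.g. `* If this subject is already authenticated as the same principal, the token's credentials are not re-verified.` The same line dereferences `authToken` and `this.getPrincipal()` without a null check; `extractShiroAuthToken` appears able to return null (the basic-auth handler touched in this commit returns null on malformed input), in which case the already-authenticated branch throws NullPointerException instead of the AuthenticationException the REST caller catches. A guard such as `if (authToken != null && this.isAuthenticated() && Objects.equals(this.getPrincipal().getName(), authToken.getPrincipal()))` covers both, assuming `java.util.Objects` is imported in this file.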
19 changes: 1 addition & 18 deletions server/src/main/java/org/opensearch/rest/RestController.java
Expand Up @@ -622,7 +622,7 @@ private boolean authenticate(RestRequest request, RestChannel channel) throws IO
try {
headerToken = tokenType(authHeader.get());
subject = Identity.getAuthManager().getSubject();
getShiroSessionAndLogin(subject, headerToken);
subject.login(headerToken);
logger.info("Authentication successful");
return true;
} catch (final AuthenticationException ae) {
Expand Down Expand Up @@ -667,21 +667,4 @@ private AuthenticationToken tokenType(String authHeader) {
// support other type of header tokens
return null;
}

/**
* Get or create a shiro session before attempting login
*
* Should prevent "{@link org.apache.shiro.session.UnknownSessionException} There is no session with id '123'"
*
* @param subject Current shiro subject
* @param headerToken Attempt login using this token
*/
private static void getShiroSessionAndLogin(Subject subject, AuthenticationToken headerToken) {
// TODO: potential repercussions. i.e. How to handle this in password change situations
// TODO: should logout be implemented to handle this
if (subject.isAuthenticated()) return;

subject.login(headerToken);
}

}
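Review bot: The new `subject.login(headerToken)` call passes `headerToken` through unchecked, but `tokenType` returns null for unsupported header types (the `return null;` under `// support other type of header tokens` in the second hunk), so a request with an unrecognised Authorization scheme reaches `login` with a null token, and the surrounding `try` only catches AuthenticationException, so whatever `login` does with null (likely a NullPointerException) escapes `authenticate`. Reject the request before the login attempt, e.g. `if (headerToken == null) { return false; }`, or raise the AuthenticationException the catch block already handles, whichever matches how this method reports failures elsewhere. The removed `getShiroSessionAndLogin` had the same gap, so the commit does not regress it, but it is worth closing while this line is being touched. The enclosing `authenticate` method starts and ends outside the hunk.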
