From 3d72b115b890314d4dbfdcebc1834fc9f463af3c Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Fri, 12 May 2023 10:33:48 -0400 Subject: [PATCH] Changes direct request comparision to compare using localNode Signed-off-by: Darshit Chanpura --- .../transport/SecurityInterceptor.java | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java index 1f234d937f..62f4f8f492 100644 --- a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java +++ b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java @@ -128,7 +128,7 @@ public void sendRequestDecorate(AsyncSender sender final String origCCSTransientMf = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_MASKED_FIELD_CCS); final boolean isDebugEnabled = log.isDebugEnabled(); - final boolean isDirectRequest = HeaderHelper.isDirectRequest(getThreadContext()); + final boolean isDirectRequest = cs.localNode().equals(connection.getNode()); // using DiscoveryNode equals comparison here try (ThreadContext.StoredContext stashedContext = getThreadContext().stashContext()) { final TransportResponseHandler restoringHandler = new RestoringTransportResponseHandler(handler, stashedContext); @@ -236,25 +236,26 @@ private void ensureCorrectHeaders(final Object remoteAdr, final User origUser, f } } - + User user = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER); String userHeader = getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER); - if(userHeader == null) { - if(origUser != null) { - if(isDirectRequest) { - // if request is going to be handled by same node, we directly put transient value as the thread context is not going to be stah. - getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, origUser); - } else { - getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser)); - } - } - else if(StringUtils.isNotEmpty(injectedRolesString)) { - getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_ROLES_HEADER, injectedRolesString); - } - else if(StringUtils.isNotEmpty(injectedUserString)) { - getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER_HEADER, injectedUserString); + + if(origUser != null) { + if(isDirectRequest) { + // if request is going to be handled by same node, we directly put transient value as the thread context is not going to be stah. + getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, origUser); +// getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser)); + } else { + getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser)); } } + else if(StringUtils.isNotEmpty(injectedRolesString)) { + getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_ROLES_HEADER, injectedRolesString); + } + else if(StringUtils.isNotEmpty(injectedUserString)) { + getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER_HEADER, injectedUserString); + } + }