From 1f12e5e183cba894918b7cecb91c5fb77075635d Mon Sep 17 00:00:00 2001 From: Ryan Liang Date: Wed, 16 Aug 2023 11:15:56 -0700 Subject: [PATCH] Change the backendrole check's claim name into br Signed-off-by: Ryan Liang --- .../java/org/opensearch/security/authtoken/jwt/JwtVendor.java | 2 +- .../org/opensearch/security/http/OnBehalfOfAuthenticator.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java index 4372e2dfee..0b9154a09b 100644 --- a/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java +++ b/src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java @@ -152,7 +152,7 @@ public String createJwt( if (bwcModeEnabled && backendRoles != null) { String listOfBackendRoles = String.join(",", backendRoles); - jwtClaims.setProperty("dbr", listOfBackendRoles); + jwtClaims.setProperty("br", listOfBackendRoles); } String encodedJwt = jwtProducer.processJwt(jwt); diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java index fb894c5ffc..23d3bb6d75 100644 --- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java @@ -104,11 +104,11 @@ private List extractSecurityRolesFromClaims(Claims claims) { private String[] extractBackendRolesFromClaims(Claims claims) { // Object backendRolesObject = ObjectUtils.firstNonNull(claims.get("ebr"), claims.get("dbr")); - if (!claims.containsKey("dbr")) { + if (!claims.containsKey("br")) { return null; } - Object backendRolesObject = claims.get("dbr"); + Object backendRolesObject = claims.get("br"); String[] backendRoles; if (backendRolesObject == null) {