Add internal and anonymous authentication types

jaymode · jaymode · commit 0e99c899fa08 · 2018-12-06T12:49:36.000-07:00
This change builds upon the work done in elastic#35970 and adds appropriate types for anonymous and internal authentication to the `AuthenticationType` enum.
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java
@@ -13,9 +13,11 @@
 import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.Authentication.AuthenticationType;
 import org.elasticsearch.xpack.core.security.user.User;
 
 import java.io.IOException;
+import java.util.Collections;
 import java.util.Objects;
 import java.util.function.Consumer;
 
@@ -71,7 +73,8 @@ public void setUser(User user, Version version) {
         } else {
             lookedUpBy = null;
         }
-        setAuthentication(new Authentication(user, authenticatedBy, lookedUpBy, version));
+        setAuthentication(
+            new Authentication(user, authenticatedBy, lookedUpBy, version, AuthenticationType.INTERNAL, Collections.emptyMap()));
     }
 
     /** Writes the authentication to the thread context */
@@ -89,7 +92,7 @@ private void setAuthentication(Authentication authentication) {
      */
     public void executeAsUser(User user, Consumer<StoredContext> consumer, Version version) {
         final StoredContext original = threadContext.newStoredContext(true);
-        try (ThreadContext.StoredContext ctx = threadContext.stashContext()) {
+        try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
             setUser(user, version);
             consumer.accept(original);
         }
@@ -102,9 +105,9 @@ public void executeAsUser(User user, Consumer<StoredContext> consumer, Version v
     public void executeAfterRewritingAuthentication(Consumer<StoredContext> consumer, Version version) {
         final StoredContext original = threadContext.newStoredContext(true);
         final Authentication authentication = Objects.requireNonNull(userSettings.getAuthentication());
-        try (ThreadContext.StoredContext ctx = threadContext.stashContext()) {
+        try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
             setAuthentication(new Authentication(authentication.getUser(), authentication.getAuthenticatedBy(),
-                                                 authentication.getLookedUpBy(), version));
+                authentication.getLookedUpBy(), version, authentication.getAuthenticationType(), authentication.getMetadata()));
             consumer.accept(original);
         }
     }
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java
@@ -274,7 +274,9 @@ public int hashCode() {
     public enum AuthenticationType {
         REALM,
         API_KEY,
-        TOKEN
+        TOKEN,
+        ANONYMOUS,
+        INTERNAL
     }
 }
 
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
@@ -24,6 +24,7 @@
 import org.elasticsearch.transport.TransportMessage;
 import org.elasticsearch.xpack.core.common.IteratingActionListener;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.Authentication.AuthenticationType;
 import org.elasticsearch.xpack.core.security.authc.Authentication.RealmRef;
 import org.elasticsearch.xpack.core.security.authc.AuthenticationFailureHandler;
 import org.elasticsearch.xpack.core.security.authc.AuthenticationResult;
@@ -40,6 +41,7 @@
 import org.elasticsearch.xpack.security.audit.AuditUtil;
 import org.elasticsearch.xpack.security.authc.support.RealmUserLookup;
 
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -363,7 +365,8 @@ void handleNullToken() {
                 authentication = new Authentication(fallbackUser, authenticatedBy, null);
             } else if (isAnonymousUserEnabled) {
                 RealmRef authenticatedBy = new RealmRef("__anonymous", "__anonymous", nodeName);
-                authentication = new Authentication(anonymousUser, authenticatedBy, null);
+                authentication = new Authentication(anonymousUser, authenticatedBy, null, Version.CURRENT, AuthenticationType.ANONYMOUS,
+                    Collections.emptyMap());
             } else {
                 authentication = null;
             }

Original file line number	Diff line number	Diff line change
`@@ -274,7 +274,9 @@ public int hashCode() {`
`274`	`274`	`public enum AuthenticationType {`
`275`	`275`	`REALM,`
`276`	`276`	`API_KEY,`
`277`		`- TOKEN`
	`277`	`+ TOKEN,`
	`278`	`+ ANONYMOUS,`
	`279`	`+ INTERNAL`
`278`	`280`	`}`
`279`	`281`	`}`
`280`	`282`