diff --git a/src/main/java/org/opensearch/security/http/InterceptingRestChannel.java b/src/main/java/org/opensearch/security/http/InterceptingRestChannel.java index 553c5c5ca8..bfc908613c 100644 --- a/src/main/java/org/opensearch/security/http/InterceptingRestChannel.java +++ b/src/main/java/org/opensearch/security/http/InterceptingRestChannel.java @@ -1,52 +1,20 @@ package org.opensearch.security.http; -import org.opensearch.common.Nullable; -import org.opensearch.common.io.stream.BytesStreamOutput; -import org.opensearch.core.xcontent.MediaType; -import org.opensearch.core.xcontent.XContentBuilder; -import org.opensearch.rest.RestChannel; +import org.opensearch.rest.AbstractRestChannel; import org.opensearch.rest.RestRequest; import org.opensearch.rest.RestResponse; -import java.io.IOException; - -public class InterceptingRestChannel implements RestChannel { +public class InterceptingRestChannel extends AbstractRestChannel { private RestResponse interceptedResponse; - public InterceptingRestChannel() {} + public InterceptingRestChannel(RestRequest request, boolean detailedErrorsEnabled) { + super(request, detailedErrorsEnabled); + } public RestResponse getInterceptedResponse() { return this.interceptedResponse; } - public XContentBuilder newBuilder() throws IOException { - throw new UnsupportedOperationException("Operation not supported"); - } - - public XContentBuilder newErrorBuilder() throws IOException { - throw new UnsupportedOperationException("Operation not supported"); - } - - public XContentBuilder newBuilder(@Nullable MediaType mediaType, boolean useFiltering) throws IOException { - throw new UnsupportedOperationException("Operation not supported"); - } - - public XContentBuilder newBuilder(MediaType mediaType, MediaType responseContentType, boolean useFiltering) throws IOException { - throw new UnsupportedOperationException("Operation not supported"); - } - - public BytesStreamOutput bytesOutput() { - throw new UnsupportedOperationException("Operation not supported"); - } - - public RestRequest request() { - throw new UnsupportedOperationException("Operation not supported"); - } - - public boolean detailedErrorsEnabled() { - throw new UnsupportedOperationException("Operation not supported"); - } - public void sendResponse(RestResponse response) { this.interceptedResponse = response; } diff --git a/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java b/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java index 03de67a49b..f2b71703b5 100644 --- a/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java +++ b/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java @@ -54,7 +54,7 @@ public void channelRead0(ChannelHandlerContext ctx, DefaultHttpRequest msg) thro final Netty4DefaultHttpRequest httpRequest = new Netty4DefaultHttpRequest(msg); RestRequest restRequest = AbstractHttpServerTransport.createRestRequest(xContentRegistry, httpRequest, httpChannel); - InterceptingRestChannel interceptingRestChannel = new InterceptingRestChannel(); + InterceptingRestChannel interceptingRestChannel = new InterceptingRestChannel(restRequest, false); ThreadContext threadContext = threadPool.getThreadContext(); try (ThreadContext.StoredContext ignore = threadPool.getThreadContext().stashContext()) { boolean isUnauthenticated = restFilter.checkAndAuthenticateRequest(restRequest, interceptingRestChannel, threadContext); @@ -69,7 +69,8 @@ public void channelRead0(ChannelHandlerContext ctx, DefaultHttpRequest msg) thro } else { ctx.channel().attr(SHOULD_DECOMPRESS).set(Boolean.TRUE); } + } finally { + ctx.fireChannelRead(msg); } - ctx.fireChannelRead(msg); } } diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 0edc55c47c..6c1812c32b 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -510,12 +510,15 @@ public void testUpdateSettings() throws Exception { + "}" + "}"; + String expectedRequestBodyLog = + "{\\\"persistent_settings\\\":{\\\"indices\\\":{\\\"recovery\\\":{\\\"*\\\":null}}},\\\"transient_settings\\\":{\\\"indices\\\":{\\\"recovery\\\":{\\\"*\\\":null}}}}"; + HttpResponse response = rh.executePutRequest("_cluster/settings", json, encodeBasicHeader("admin", "admin")); Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); String auditLogImpl = TestAuditlogImpl.sb.toString(); Assert.assertTrue(auditLogImpl.contains("AUTHENTICATED")); Assert.assertTrue(auditLogImpl.contains("cluster:admin/settings/update")); - Assert.assertTrue(auditLogImpl.contains("indices.recovery.*")); + Assert.assertTrue(auditLogImpl.contains(expectedRequestBodyLog)); // may vary because we log may hit cluster manager directly or not Assert.assertTrue(TestAuditlogImpl.messages.size() > 1); Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages)); diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterUnitTests.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterUnitTests.java index d0af5dcdc9..85f51ccea0 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterUnitTests.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterUnitTests.java @@ -21,8 +21,6 @@ import java.nio.file.Path; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.mock;