From 4abc12e1fff262ea0e50e0e29fbb41dca30b2b12 Mon Sep 17 00:00:00 2001
From: Craig Perkins <cwperx@amazon.com>
Date: Fri, 6 Oct 2023 12:52:37 -0400
Subject: [PATCH] Only set X-Opaque-Id if present

Signed-off-by: Craig Perkins <cwperx@amazon.com>
---
 .../org/opensearch/security/filter/SecurityRestFilter.java  | 6 ++++--
 .../ssl/http/netty/Netty4HttpRequestHeaderVerifier.java     | 4 +---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
index 02e4a9855d..f95e5f1471 100644
--- a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
+++ b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
@@ -143,13 +143,15 @@ public RestHandler wrap(RestHandler original, AdminDNs adminDNs) {
                 // X_OPAQUE_ID will be overritten on restore - save to apply after restoring the saved context
                 final String xOpaqueId = threadContext.getHeader(Task.X_OPAQUE_ID);
                 storedContext.restore();
-                threadContext.putHeader(Task.X_OPAQUE_ID, xOpaqueId);
+                if (xOpaqueId != null) {
+                    threadContext.putHeader(Task.X_OPAQUE_ID, xOpaqueId);
+                }
             });
 
             final SecurityRequestChannel requestChannel = SecurityRequestFactory.from(request, channel);
 
             // Authenticate request
-            if(!NettyAttribute.popFrom(request, IS_AUTHENTICATED).orElse(false)) {
+            if (!NettyAttribute.popFrom(request, IS_AUTHENTICATED).orElse(false)) {
                 // we aren't authenticated so we should skip this step
                 checkAndAuthenticateRequest(requestChannel);
             }
diff --git a/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java b/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java
index f2c2e6f224..615002ca7f 100644
--- a/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java
+++ b/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java
@@ -88,9 +88,7 @@ public void channelRead0(ChannelHandlerContext ctx, DefaultHttpRequest msg) thro
 
         // TODO: GET PROPER MAVEN BUILD
         // final Netty4HttpChannel httpChannel = ctx.channel().attr(Netty4HttpServerTransport.HTTP_CHANNEL_KEY).get();
-        final Netty4HttpChannel httpChannel = ctx.channel()
-            .attr(AttributeKey.<Netty4HttpChannel>valueOf("opensearch-http-channel"))
-            .get();
+        final Netty4HttpChannel httpChannel = ctx.channel().attr(AttributeKey.<Netty4HttpChannel>valueOf("opensearch-http-channel")).get();
         Matcher matcher = PATTERN_PATH_PREFIX.matcher(msg.uri());
         final String suffix = matcher.matches() ? matcher.group(2) : null;
         if (API_AUTHTOKEN_SUFFIX.equals(suffix)) {