Clear attributes with early response

Signed-off-by: Craig Perkins <[email protected]>
cwperks · Oct 6, 2023 · 678fc0e · 678fc0e
1 parent 1773227
commit 678fc0e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 18 deletions.
diff --git a/src/main/java/org/opensearch/security/filter/NettyAttribute.java b/src/main/java/org/opensearch/security/filter/NettyAttribute.java
@@ -36,4 +36,14 @@ public static <T> Optional<T> peekFrom(final ChannelHandlerContext ctx, final At
         return Optional.ofNullable(ctx.channel().attr(attribute).get());
     }
 
+    /**
+     * Clears an attribute value from the channel handler context
+     */
+    public static <T> void clearAttribute(final RestRequest request, final AttributeKey<T> attribute) {
+        if (request.getHttpChannel() instanceof Netty4HttpChannel) {
+            Channel nettyChannel = ((Netty4HttpChannel) request.getHttpChannel()).getNettyChannel();
+            nettyChannel.attr(attribute).set(null);
+        }
+    }
+
 }
diff --git a/src/main/java/org/opensearch/security/filter/SecurityRequestChannel.java b/src/main/java/org/opensearch/security/filter/SecurityRequestChannel.java
@@ -19,8 +19,8 @@
 public interface SecurityRequestChannel extends SecurityRequest {
 
     /** Associate a response with this channel */
-    public void queueForSending(final SecurityResponse response);
+    void queueForSending(final SecurityResponse response);
 
     /** Acess the queued response */
-    public Optional<SecurityResponse> getQueuedResponse();
+    Optional<SecurityResponse> getQueuedResponse();
 }
diff --git a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
@@ -134,7 +134,8 @@ public RestHandler wrap(RestHandler original, AdminDNs adminDNs) {
 
             final Optional<SecurityResponse> maybeSavedResponse = NettyAttribute.popFrom(request, EARLY_RESPONSE);
             if (maybeSavedResponse.isPresent()) {
-                log.info("Found saved response for this request");
+                NettyAttribute.clearAttribute(request, CONTEXT_TO_RESTORE);
+                NettyAttribute.clearAttribute(request, IS_AUTHENTICATED);
                 channel.sendResponse(maybeSavedResponse.get().asRestResponse());
                 return;
             }

diff --git a/src/main/java/org/opensearch/security/http/SecurityNonSslHttpServerTransport.java b/src/main/java/org/opensearch/security/http/SecurityNonSslHttpServerTransport.java
@@ -47,7 +47,6 @@
 public class SecurityNonSslHttpServerTransport extends Netty4HttpServerTransport {
 
     private SecurityRestFilter restFilter;
-    private final NamedXContentRegistry namedXContentRegistry;
 
     public SecurityNonSslHttpServerTransport(
         final Settings settings,
@@ -73,7 +72,6 @@ public SecurityNonSslHttpServerTransport(
             tracer
         );
         this.restFilter = restFilter;
-        this.namedXContentRegistry = namedXContentRegistry;
     }
 
     @Override
@@ -95,7 +93,7 @@ protected void initChannel(Channel ch) throws Exception {
 
     @Override
     protected ChannelInboundHandlerAdapter createHeaderVerifier() {
-        return new Netty4HttpRequestHeaderVerifier(restFilter, namedXContentRegistry, threadPool, handlingSettings, settings);
+        return new Netty4HttpRequestHeaderVerifier(restFilter, threadPool, settings);
     }
 
     @Override

diff --git a/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java b/src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java
@@ -16,10 +16,8 @@
 import io.netty.util.ReferenceCountUtil;
 import org.opensearch.ExceptionsHelper;
 import org.opensearch.common.util.concurrent.ThreadContext;
-import org.opensearch.core.xcontent.NamedXContentRegistry;
 
 import io.netty.channel.ChannelHandlerContext;
-import org.opensearch.http.HttpHandlingSettings;
 import org.opensearch.http.netty4.Netty4HttpChannel;
 import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityRequestChannelUnsupported;
@@ -51,13 +49,7 @@ public class Netty4HttpRequestHeaderVerifier extends SimpleChannelInboundHandler
     private final boolean injectUserEnabled;
     private final boolean passthrough;
 
-    public Netty4HttpRequestHeaderVerifier(
-        SecurityRestFilter restFilter,
-        NamedXContentRegistry xContentRegistry,
-        ThreadPool threadPool,
-        HttpHandlingSettings handlingSettings,
-        Settings settings
-    ) {
+    public Netty4HttpRequestHeaderVerifier(SecurityRestFilter restFilter, ThreadPool threadPool, Settings settings) {
         this.restFilter = restFilter;
         this.threadPool = threadPool;
 

diff --git a/...main/java/org/opensearch/security/ssl/http/netty/SecuritySSLNettyHttpServerTransport.java b/...main/java/org/opensearch/security/ssl/http/netty/SecuritySSLNettyHttpServerTransport.java
@@ -49,7 +49,6 @@ public class SecuritySSLNettyHttpServerTransport extends Netty4HttpServerTranspo
     private final SecurityKeyStore sks;
     private final SslExceptionHandler errorHandler;
     private final SecurityRestFilter restFilter;
-    private final NamedXContentRegistry namedXContentRegistry;
 
     public SecuritySSLNettyHttpServerTransport(
         final Settings settings,
@@ -79,7 +78,6 @@ public SecuritySSLNettyHttpServerTransport(
         this.sks = sks;
         this.errorHandler = errorHandler;
         this.restFilter = restFilter;
-        this.namedXContentRegistry = namedXContentRegistry;
     }
 
     @Override
@@ -159,7 +157,7 @@ protected void configurePipeline(Channel ch) {
 
     // @Override
     protected ChannelInboundHandlerAdapter createHeaderVerifier() {
-        return new Netty4HttpRequestHeaderVerifier(restFilter, namedXContentRegistry, threadPool, handlingSettings, settings);
+        return new Netty4HttpRequestHeaderVerifier(restFilter, threadPool, settings);
     }
 
     // @Override