move authenticate into plugin level

Signed-off-by: Stephen Crawford <[email protected]>
stephen-crawford · Oct 13, 2023 · eace8a3 · eace8a3
1 parent 6b57759
commit eace8a3
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 1 deletion.
diff --git a/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java b/plugins/identity-shiro/src/main/java/org/opensearch/identity/shiro/ShiroIdentityPlugin.java
@@ -14,6 +14,7 @@
 import org.apache.shiro.mgt.SecurityManager;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 import org.opensearch.plugins.Plugin;
@@ -61,4 +62,12 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return this.authTokenHandler;
     }
+
+    /**
+     * passthrough for test module
+     * @param subject
+     * @param authToken
+     */
+    @Override
+    public void authenticate(Subject subject, AuthToken authToken) {}
 }
diff --git a/server/src/main/java/org/opensearch/identity/IdentityService.java b/server/src/main/java/org/opensearch/identity/IdentityService.java
@@ -10,6 +10,7 @@
 import org.opensearch.OpenSearchException;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.identity.noop.NoopIdentityPlugin;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 
@@ -57,4 +58,11 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return identityPlugin.getTokenManager();
     }
+
+    /**
+     * Attempts to authenticate the provided subject using the provided token
+     */
+    public void authenticate(Subject subject, AuthToken token) {
+        identityPlugin.authenticate(subject, token);
+    }
 }
diff --git a/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java b/server/src/main/java/org/opensearch/identity/noop/NoopIdentityPlugin.java
@@ -9,6 +9,7 @@
 package org.opensearch.identity.noop;
 
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
 
@@ -38,4 +39,9 @@ public Subject getSubject() {
     public TokenManager getTokenManager() {
         return new NoopTokenManager();
     }
+
+    @Override
+    public void authenticate(Subject subject, AuthToken authToken) {
+        // Do nothing since noop
+    }
 }
diff --git a/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java b/server/src/main/java/org/opensearch/plugins/IdentityPlugin.java
@@ -9,6 +9,7 @@
 package org.opensearch.plugins;
 
 import org.opensearch.identity.Subject;
+import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.TokenManager;
 
 /**
@@ -29,4 +30,9 @@ public interface IdentityPlugin {
      * @return Should never return null.
      */
     public TokenManager getTokenManager();
+
+    /**
+     * Attempt to authenticate the provided subject using the provided authToken
+     */
+    public void authenticate(Subject subject, AuthToken authToken);
 }
diff --git a/server/src/main/java/org/opensearch/rest/RestController.java b/server/src/main/java/org/opensearch/rest/RestController.java
@@ -535,7 +535,7 @@ private boolean handleAuthenticateUser(final RestRequest request, final RestChan
                 return true;
             }
             final Subject currentSubject = identityService.getSubject();
-            currentSubject.authenticate(token);
+            identityService.authenticate(currentSubject, token);
             logger.debug("Logged in as user " + currentSubject);
         } catch (final Exception e) {
             try {