
Fix double sending of response in TransportOpenIdConnectPrepareAuthenticationAction (#89930)

This fixes an obvious bug where the listener was resolved twice if any of the first
two failure conditions in the changed method were met.
Prior to #89873 this would lead to a memory leak.
Armin Braun 3 years ago
parent
commit
bae3284c69

+ 5 - 0
docs/changelog/89930.yaml

@@ -0,0 +1,5 @@
+pr: 89930
+summary: Fix double sending of response in `TransportOpenIdConnectPrepareAuthenticationAction`
+area: Authentication
+type: bug
+issues: []

+ 4 - 4
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/oidc/TransportOpenIdConnectPrepareAuthenticationAction.java

@@ -13,7 +13,6 @@ import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.transport.TransportService;
 import org.elasticsearch.xpack.core.security.action.oidc.OpenIdConnectPrepareAuthenticationAction;
@@ -24,7 +23,6 @@ import org.elasticsearch.xpack.security.authc.Realms;
 import org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealm;
 
 import java.util.List;
-import java.util.stream.Collectors;
 
 public class TransportOpenIdConnectPrepareAuthenticationAction extends HandledTransportAction<
     OpenIdConnectPrepareAuthenticationRequest,
@@ -42,7 +40,7 @@ public class TransportOpenIdConnectPrepareAuthenticationAction extends HandledTr
             OpenIdConnectPrepareAuthenticationAction.NAME,
             transportService,
             actionFilters,
-            (Writeable.Reader<OpenIdConnectPrepareAuthenticationRequest>) OpenIdConnectPrepareAuthenticationRequest::new
+            OpenIdConnectPrepareAuthenticationRequest::new
         );
         this.realms = realms;
     }
@@ -58,15 +56,17 @@ public class TransportOpenIdConnectPrepareAuthenticationAction extends HandledTr
             List<OpenIdConnectRealm> matchingRealms = this.realms.stream()
                 .filter(r -> r instanceof OpenIdConnectRealm && ((OpenIdConnectRealm) r).isIssuerValid(request.getIssuer()))
                 .map(r -> (OpenIdConnectRealm) r)
-                .collect(Collectors.toList());
+                .toList();
             if (matchingRealms.isEmpty()) {
                 listener.onFailure(
                     new ElasticsearchSecurityException("Cannot find OpenID Connect realm with issuer [{}]", request.getIssuer())
                 );
+                return;
             } else if (matchingRealms.size() > 1) {
                 listener.onFailure(
                     new ElasticsearchSecurityException("Found multiple OpenID Connect realm with issuer [{}]", request.getIssuer())
                 );
+                return;
             } else {
                 realm = matchingRealms.get(0);
             }
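Review bot: Nothing on this page pins the fix with a test: the two file sections shown are the changelog and this class, so no test asserts that `listener` is completed exactly once when `matchingRealms` is empty or holds more than one realm. A unit test that passes a counting listener for an unknown issuer and for an issuer matched by two realms, and asserts a single `onFailure` call in each case, would stop a later refactor of this chain from reintroducing the double response in the authentication path. With the added `return;` lines the `else if` and `else` keywords are redundant, so the chain can be flattened into two guard clauses followed by `realm = matchingRealms.get(0);`. The second message would also read better as `"Found multiple OpenID Connect realms with issuer [{}]"`. The enclosing method starts and ends outside this hunk, so the code that sent the second response is not visible here.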