make class package protected and introduce MATCH_NONE

slobodanadamovic · slobodanadamovic · commit 433c0641de0d · 2025-09-05T16:30:06.000+02:00
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlPrivateAttributePredicate.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlPrivateAttributePredicate.java
@@ -26,39 +26,47 @@
  * When the setting is configured, the attributes whose {@code Attribute#getName} or {@code Attribute#getFriendlyName} match,
  * will be treated as private ({@link SamlPrivateAttribute}).
  */
-public class SamlPrivateAttributePredicate implements Predicate<Attribute> {
+class SamlPrivateAttributePredicate implements Predicate<Attribute> {
 
     private static final Logger logger = LogManager.getLogger(SamlPrivateAttributePredicate.class);
 
+    private static final Predicate<Attribute> MATCH_NONE = new Predicate<Attribute>() {
+        @Override
+        public boolean test(Attribute attribute) {
+            return false;
+        }
+
+        @Override
+        public String toString() {
+            return "<matching no SAML private attributes>";
+        }
+    };
+
     private final Predicate<Attribute> predicate;
 
-    private SamlPrivateAttributePredicate(RealmConfig config) {
+    SamlPrivateAttributePredicate(RealmConfig config) {
         this.predicate = buildPrivateAttributesPredicate(config);
     }
 
-    public static SamlPrivateAttributePredicate create(RealmConfig config) {
-        return new SamlPrivateAttributePredicate(config);
-    }
-
     private static Predicate<Attribute> buildPrivateAttributesPredicate(RealmConfig config) {
 
         if (false == config.hasSetting(PRIVATE_ATTRIBUTES)) {
             logger.trace("No SAML private attributes setting configured.");
-            return attribute -> false;
+            return MATCH_NONE;
         }
 
         final List<String> attributesList = config.getSetting(PRIVATE_ATTRIBUTES);
         if (attributesList == null || attributesList.isEmpty()) {
             logger.trace("No SAML private attributes configured for setting [{}].", PRIVATE_ATTRIBUTES);
-            return attribute -> false;
+            return MATCH_NONE;
         }
 
         final Set<String> attributesSet = attributesList.stream()
             .filter(name -> name != null && false == name.isBlank())
             .collect(Collectors.toUnmodifiableSet());
 
         if (attributesSet.isEmpty()) {
-            return attribute -> false;
+            return MATCH_NONE;
         }
 
         logger.trace("SAML private attributes configured: {}", attributesSet);
@@ -77,7 +85,7 @@ public boolean test(Attribute attribute) {
 
             @Override
             public String toString() {
-                return "SAML private attributes predicate for: " + attributesSet;
+                return "<matching " + attributesSet + " SAML private attributes>";
             }
         };
     }
@@ -87,4 +95,9 @@ public boolean test(Attribute attribute) {
         return predicate.test(attribute);
     }
 
+    @Override
+    public String toString() {
+        return this.getClass().getSimpleName() + " {predicate=" + predicate + "}";
+    }
+
 }
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java
@@ -222,7 +222,7 @@ public static SamlRealm create(
         final Clock clock = Clock.systemUTC();
         final IdpConfiguration idpConfiguration = getIdpConfiguration(config, metadataResolver, idpDescriptor);
         final TimeValue maxSkew = config.getSetting(CLOCK_SKEW);
-        final Predicate<Attribute> privateAttributePredicate = SamlPrivateAttributePredicate.create(config);
+        final Predicate<Attribute> privateAttributePredicate = new SamlPrivateAttributePredicate(config);
         final SamlAuthenticator authenticator = new SamlAuthenticator(
             clock,
             idpConfiguration,
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlSecureAttributePredicateTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlSecureAttributePredicateTests.java
@@ -26,7 +26,7 @@ public void testPredicateWithSettingConfigured() {
 
         final List<String> privateAttributes = List.of("private", "http://elastic.co/confidential");
         final RealmConfig config = realmConfig(privateAttributes);
-        final SamlPrivateAttributePredicate predicate = SamlPrivateAttributePredicate.create(config);
+        final SamlPrivateAttributePredicate predicate = new SamlPrivateAttributePredicate(config);
 
         final String privateAttribute = randomFrom(privateAttributes);
         final String nonPrivateAttribute = randomFrom(new String[] { null, " ", randomAlphaOfLengthBetween(0, 3) });
@@ -51,7 +51,7 @@ public void testPredicateWhenSettingIsNotConfigured() {
 
         List<String> privateAttributes = randomBoolean() ? List.of() : null;
         RealmConfig config = realmConfig(privateAttributes);
-        SamlPrivateAttributePredicate predicate = SamlPrivateAttributePredicate.create(config);
+        SamlPrivateAttributePredicate predicate = new SamlPrivateAttributePredicate(config);
 
         String name = randomFrom(randomAlphaOfLengthBetween(0, 5), null);
         String friendlyName = randomFrom(randomAlphaOfLengthBetween(0, 5), null);
