More

n1v0lg · n1v0lg · commit e3abd81744b8 · 2025-05-28T15:01:54.000+02:00
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticatorChain.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticatorChain.java
@@ -54,7 +54,7 @@ class AuthenticatorChain {
         AuthenticationContextSerializer authenticationSerializer,
         ServiceAccountAuthenticator serviceAccountAuthenticator,
         OAuth2TokenAuthenticator oAuth2TokenAuthenticator,
-        PluggableApiKeyAuthenticator customApiKeyAuthenticator,
+        PluggableApiKeyAuthenticator pluggableApiKeyAuthenticator,
         ApiKeyAuthenticator apiKeyAuthenticator,
         RealmsAuthenticator realmsAuthenticator
     ) {
@@ -68,7 +68,7 @@ class AuthenticatorChain {
         this.allAuthenticators = List.of(
             serviceAccountAuthenticator,
             oAuth2TokenAuthenticator,
-            customApiKeyAuthenticator,
+            pluggableApiKeyAuthenticator,
             apiKeyAuthenticator,
             realmsAuthenticator
         );
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java
@@ -33,12 +33,14 @@ public AuthenticationToken extractCredentials(Context context) {
     @Override
     public void authenticate(Context context, ActionListener<AuthenticationResult<Authentication>> listener) {
         final AuthenticationToken authenticationToken = context.getMostRecentAuthenticationToken();
-        authenticator.authenticate(
-            authenticationToken,
-            ActionListener.wrap(
-                listener::onResponse,
-                ex -> listener.onFailure(context.getRequest().exceptionProcessingRequest(ex, authenticationToken))
-            )
-        );
+        authenticator.authenticate(authenticationToken, ActionListener.wrap(response -> {
+            if (response.isAuthenticated()) {
+                listener.onResponse(response);
+            } else if (response.getStatus() == AuthenticationResult.Status.TERMINATE) {
+                listener.onFailure(context.getRequest().exceptionProcessingRequest(response.getException(), authenticationToken));
+            } else if (response.getStatus() == AuthenticationResult.Status.CONTINUE) {
+                listener.onResponse(AuthenticationResult.notHandled());
+            }
+        }, ex -> listener.onFailure(context.getRequest().exceptionProcessingRequest(ex, authenticationToken))));
     }
 }
