From 95df8d63f59772ea8d1d4d4a3f26f35ae776376c Mon Sep 17 00:00:00 2001 From: Slobodan Adamovic Date: Thu, 3 Jul 2025 23:12:21 +0200 Subject: [PATCH 1/2] Refactor custom API key authenticator interface Extending `extractCredentials` method to accept `ThreadContext` in order to allow associating any additional request headers with the authentication token. --- .../security/authc/apikey/CustomApiKeyAuthenticator.java | 5 +++-- .../xpack/security/authc/PluggableApiKeyAuthenticator.java | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java index 4f5d05e720715..c5261c0bab3fd 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java @@ -9,6 +9,7 @@ import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.core.Nullable; import org.elasticsearch.xpack.core.security.authc.Authentication; import org.elasticsearch.xpack.core.security.authc.AuthenticationResult; @@ -22,7 +23,7 @@ public interface CustomApiKeyAuthenticator { String name(); - AuthenticationToken extractCredentials(@Nullable SecureString apiKeyCredentials); + AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials); void authenticate(@Nullable AuthenticationToken authenticationToken, ActionListener> listener); @@ -36,7 +37,7 @@ public String name() { } @Override - public AuthenticationToken extractCredentials(@Nullable SecureString apiKeyCredentials) { + public AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials) { return null; } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java index 0637efbc5e89a..84b238ba7985f 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/PluggableApiKeyAuthenticator.java @@ -32,7 +32,7 @@ public String name() { @Override public AuthenticationToken extractCredentials(Context context) { - return authenticator.extractCredentials(context.getApiKeyString()); + return authenticator.extractCredentials(context.getThreadContext(), context.getApiKeyString()); } @Override From 216a7013a904781ad8800d46139e05b073c2cd07 Mon Sep 17 00:00:00 2001 From: elasticsearchmachine Date: Thu, 3 Jul 2025 21:22:44 +0000 Subject: [PATCH 2/2] [CI] Auto commit changes from spotless --- .../core/security/authc/apikey/CustomApiKeyAuthenticator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java index c5261c0bab3fd..46f40b64b3492 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/apikey/CustomApiKeyAuthenticator.java @@ -23,7 +23,7 @@ public interface CustomApiKeyAuthenticator { String name(); - AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials); + AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials); void authenticate(@Nullable AuthenticationToken authenticationToken, ActionListener> listener); @@ -37,7 +37,7 @@ public String name() { } @Override - public AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials) { + public AuthenticationToken extractCredentials(ThreadContext threadContext, @Nullable SecureString apiKeyCredentials) { return null; }