I am developing a security plugin for our use where we intercept all Rest Action through a RestHandlerWrapper and authenticate user based on the given criteria.
Once Authenticated we want perform some authorization later based on the specific Action with the help of ActionFilter as an example if SearchAction we validate if user had access on the index he is querying plus the fields he is requesting as part of the request. For this I am setting a variable in ThreadLocal at the RestHandlerWrapper level and retrieving it in the ActionFilter.
My only question here do we see an issue with this approach of storing variable in threadlocal(we unset it within the ActionFilter itself) and can I use ThreadContext here? and if so how do i access ThreadContext within a ActionFilter
Elastic Version 6.2.3
thread local is very likely not going to work as your task is passed through several thread pools.
I think the best way of getting started is to dig your way through the tests and go from there. For example starting at the
ThreadContextTests https://github.com/elastic/elasticsearch/blob/master/server/src/test/java/org/elasticsearch/common/util/concurrent/ThreadContextTests.java and then search for usages of the thread context.
Thanks for the reply after the code review of elastic I found the way how to move data through thread context for my use case.
Below is the Approach
In the ActionPlugin implementation we are going to override the getTaskHeaders() method and add the header name the application sends, secondly in the RestHandlerWrapper impl we are going to add the headers we retrieve from the request to the ThreadContext.putHeader()
Once the above two are done in the ActionFilter implementation the Task Object will then provide the custom header we are looking for.
On a side note in the RestHandlerWrapper Impl we do call the super.handleRequest() which then eventually delegates the call to the ActionFilter hence even ThreadLocal will work as it is the same thread which executes the filter but ThreadContext is neater and better managed option
Thanks for your help
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.