|
57 | 57 | import org.opensearch.identity.UserSubject; |
58 | 58 | import org.opensearch.security.auditlog.AuditLog; |
59 | 59 | import org.opensearch.security.auth.blocking.ClientBlockRegistry; |
| 60 | +import org.opensearch.security.auth.internal.InternalAuthenticationBackend; |
60 | 61 | import org.opensearch.security.auth.internal.NoOpAuthenticationBackend; |
61 | 62 | import org.opensearch.security.configuration.AdminDNs; |
62 | 63 | import org.opensearch.security.filter.SecurityRequest; |
@@ -103,6 +104,8 @@ public class BackendRegistry { |
103 | 104 | private Cache<AuthCredentials, User> userCache; // rest standard |
104 | 105 | private Cache<String, User> restImpersonationCache; // used for rest impersonation |
105 | 106 | private Cache<User, Set<String>> restRoleCache; // |
| 107 | + private static final String OPENSEARCH_PRODUCT_ORIGIN_HTTP_HEADER = "X-opensearch-product-origin"; |
| 108 | + private static final String OPENSEARCH_PRODUCT_DASHBOARD_ORIGIN = "opensearch-dashboards"; |
106 | 109 |
|
107 | 110 | private void createCaches() { |
108 | 111 | userCache = CacheBuilder.newBuilder() |
@@ -363,6 +366,16 @@ public boolean authenticate(final SecurityRequestChannel request) { |
363 | 366 | request |
364 | 367 | ); |
365 | 368 | } |
| 369 | + |
| 370 | + if ( request.header(OPENSEARCH_PRODUCT_ORIGIN_HTTP_HEADER)!= null && request.header(OPENSEARCH_PRODUCT_ORIGIN_HTTP_HEADER).equals(OPENSEARCH_PRODUCT_DASHBOARD_ORIGIN) && authDomain.getBackend().getClass().getName().equals(InternalAuthenticationBackend.class.getName()) ) { |
| 371 | + log.error("Cannot authenticate rest user because user authentication failed from browser."); |
| 372 | + auditLog.logFailedLogin(ac.getUsername(), true, null, request); |
| 373 | + request.queueForSending( |
| 374 | + new SecurityResponse(SC_FORBIDDEN, "Cannot authenticate user because authentication failed from browser login via HTTP") |
| 375 | + ); |
| 376 | + return false; |
| 377 | + |
| 378 | + } |
366 | 379 | continue; |
367 | 380 | } |
368 | 381 |
|
|
0 commit comments