in src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java [202:343]
private void buildAAA() {
final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
final List<ClientBlockRegistry<InetAddress>> ipClientBlockRegistries0 = new ArrayList<>();
final Multimap<String, ClientBlockRegistry<String>> authBackendClientBlockRegistries0 = ArrayListMultimap.create();
final Authz authzDyn = config.dynamic.authz;
for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;
if (httpEnabled || transportEnabled) {
try {
final String authzBackendClazz = ad.getValue().authorization_backend.type;
final AuthorizationBackend authorizationBackend;
if(authzBackendClazz.equals(InternalAuthenticationBackend.class.getName()) //NOSONAR
|| authzBackendClazz.equals("internal")
|| authzBackendClazz.equals("intern")) {
authorizationBackend = iab;
ReflectionHelper.addLoadedModule(InternalAuthenticationBackend.class);
} else {
authorizationBackend = newInstance(
authzBackendClazz,"z",
Settings.builder()
.put(opensearchSettings)
//.putProperties(ads.getAsStringMap(DotPath.of("authorization_backend.config")), DynamicConfiguration.checkKeyFunction()).build(), configPath);
.put(Settings.builder().loadFromSource(ad.getValue().authorization_backend.configAsJson(), XContentType.JSON).build()).build()
, configPath);
}
if (httpEnabled) {
restAuthorizers0.add(authorizationBackend);
}
if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}
if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
} catch (final Exception e) {
log.error("Unable to initialize AuthorizationBackend {} due to {}", ad, e.toString(),e);
}
}
}
final Authc authcDyn = config.dynamic.authc;
for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;
if (httpEnabled || transportEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
if(authBackendClazz.equals(InternalAuthenticationBackend.class.getName()) //NOSONAR
|| authBackendClazz.equals("internal")
|| authBackendClazz.equals("intern")) {
authenticationBackend = iab;
ReflectionHelper.addLoadedModule(InternalAuthenticationBackend.class);
} else {
authenticationBackend = newInstance(
authBackendClazz,"c",
Settings.builder()
.put(opensearchSettings)
//.putProperties(ads.getAsStringMap(DotPath.of("authentication_backend.config")), DynamicConfiguration.checkKeyFunction()).build()
.put(Settings.builder().loadFromSource(ad.getValue().authentication_backend.configAsJson(), XContentType.JSON).build()).build()
, configPath);
}
String httpAuthenticatorType = ad.getValue().http_authenticator.type; //no default
HTTPAuthenticator httpAuthenticator = httpAuthenticatorType==null?null: (HTTPAuthenticator) newInstance(httpAuthenticatorType,"h",
Settings.builder().put(opensearchSettings)
//.putProperties(ads.getAsStringMap(DotPath.of("http_authenticator.config")), DynamicConfiguration.checkKeyFunction()).build(),
.put(Settings.builder().loadFromSource(ad.getValue().http_authenticator.configAsJson(), XContentType.JSON).build()).build()
, configPath);
final AuthDomain _ad = new AuthDomain(authenticationBackend, httpAuthenticator,
ad.getValue().http_authenticator.challenge, ad.getValue().order);
if (httpEnabled && _ad.getHttpAuthenticator() != null) {
restAuthDomains0.add(_ad);
}
if (transportEnabled) {
transportAuthDomains0.add(_ad);
}
if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
if (authenticationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authenticationBackend);
}
} catch (final Exception e) {
log.error("Unable to initialize auth domain {} due to {}", ad, e.toString(), e);
}
}
}
List<Destroyable> originalDestroyableComponents = destroyableComponents;
restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);
destroyableComponents = Collections.unmodifiableList(destroyableComponents0);
if(originalDestroyableComponents != null) {
destroyDestroyables(originalDestroyableComponents);
}
originalDestroyableComponents = null;
createAuthFailureListeners(ipAuthFailureListeners0,
authBackendFailureListeners0, ipClientBlockRegistries0, authBackendClientBlockRegistries0, destroyableComponents0);
ipAuthFailureListeners = Collections.unmodifiableList(ipAuthFailureListeners0);
ipClientBlockRegistries = Collections.unmodifiableList(ipClientBlockRegistries0);
authBackendClientBlockRegistries = Multimaps.unmodifiableMultimap(authBackendClientBlockRegistries0);
authBackendFailureListeners = Multimaps.unmodifiableMultimap(authBackendFailureListeners0);
}