Changes direct request comparision to compare using localNode

Signed-off-by: Darshit Chanpura <[email protected]>
opensearch-project · May 12, 2023 · d1198d9 · d1198d9
1 parent 5c63420
commit d1198d9
Showing 1 changed file with 17 additions and 17 deletions.
diff --git a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java
@@ -58,7 +58,6 @@
 import org.opensearch.security.ssl.transport.SSLConfig;
 import org.opensearch.security.support.Base64Helper;
 import org.opensearch.security.support.ConfigConstants;
-import org.opensearch.security.support.HeaderHelper;
 import org.opensearch.security.user.User;
 import org.opensearch.threadpool.ThreadPool;
 import org.opensearch.transport.Transport.Connection;
@@ -128,7 +127,7 @@ public <T extends TransportResponse> void sendRequestDecorate(AsyncSender sender
         final String origCCSTransientMf = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_MASKED_FIELD_CCS);
 
         final boolean isDebugEnabled = log.isDebugEnabled();
-        final boolean isDirectRequest = HeaderHelper.isDirectRequest(getThreadContext());
+        final boolean isDirectRequest = cs.localNode().equals(connection.getNode()); // using DiscoveryNode equals comparison here
 
         try (ThreadContext.StoredContext stashedContext = getThreadContext().stashContext()) {
             final TransportResponseHandler<T> restoringHandler = new RestoringTransportResponseHandler<T>(handler, stashedContext);
@@ -236,25 +235,26 @@ private void ensureCorrectHeaders(final Object remoteAdr, final User origUser, f
             }
         }
 
-
+        User user = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
         String userHeader = getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER);
 
-        if(userHeader == null) {
-            if(origUser != null) {
-                if(isDirectRequest) {
-                    // if request is going to be handled by same node, we directly put transient value as the thread context is not going to be stah.
-                    getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, origUser);
-                } else {
-                    getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser));
-                }
-            }
-            else if(StringUtils.isNotEmpty(injectedRolesString)) {
-                getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_ROLES_HEADER, injectedRolesString);
-            }
-            else if(StringUtils.isNotEmpty(injectedUserString)) {
-                getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER_HEADER, injectedUserString);
+
+        if(origUser != null) {
+            if(isDirectRequest) {
+                // if request is going to be handled by same node, we directly put transient value as the thread context is not going to be stah.
+                getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, origUser);
+//                    getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser));
+            } else {
+                getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER, Base64Helper.serializeObject(origUser));
             }
         }
+        else if(StringUtils.isNotEmpty(injectedRolesString)) {
+            getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_ROLES_HEADER, injectedRolesString);
+        }
+        else if(StringUtils.isNotEmpty(injectedUserString)) {
+            getThreadContext().putHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER_HEADER, injectedUserString);
+        }
+
 
     }