Removes artistry introduced in opensearch-project#5186

DarshitChanpura · DarshitChanpura · commit 1d49b0e514b3 · 2025-03-17T19:50:02.000-04:00
Signed-off-by: Darshit Chanpura &lt;dchanp@amazon.com&gt;
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -273,7 +273,6 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin
     private volatile RestLayerPrivilegesEvaluator restLayerEvaluator;
     private volatile ConfigurationRepository cr;
     private volatile AdminDNs adminDns;
-    private volatile org.opensearch.security.common.configuration.AdminDNs adminDNsCommon;
     private volatile ClusterService cs;
     private volatile AtomicReference<DiscoveryNode> localNode = new AtomicReference<>();
     private volatile AuditLog auditLog;
@@ -1138,7 +1137,6 @@ public Collection<Object> createComponents(
         sslExceptionHandler = new AuditLogSslExceptionHandler(auditLog);
 
         adminDns = new AdminDNs(settings);
-        adminDNsCommon = new org.opensearch.security.common.configuration.AdminDNs(settings);
 
         cr = ConfigurationRepository.create(settings, this.configPath, threadPool, localClient, clusterService, auditLog);
 
@@ -1169,7 +1167,7 @@ public Collection<Object> createComponents(
 
         final var resourceSharingIndex = ResourceSharingConstants.OPENSEARCH_RESOURCE_SHARING_INDEX;
         ResourceSharingIndexHandler rsIndexHandler = new ResourceSharingIndexHandler(resourceSharingIndex, localClient, threadPool);
-        ResourceAccessHandler resourceAccessHandler = new ResourceAccessHandler(threadPool, rsIndexHandler, adminDNsCommon);
+        ResourceAccessHandler resourceAccessHandler = new ResourceAccessHandler(threadPool, rsIndexHandler, adminDns);
         resourceAccessHandler.initializeRecipientTypes();
         // Resource Sharing index is enabled by default
         boolean isResourceSharingEnabled = settings.getAsBoolean(
@@ -1258,7 +1256,6 @@ public Collection<Object> createComponents(
         }
 
         components.add(adminDns);
-        components.add(adminDNsCommon);
         components.add(cr);
         components.add(xffResolver);
         components.add(backendRegistry);
diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -225,7 +225,7 @@ public boolean authenticate(final SecurityRequestChannel request) {
         if (adminDns.isAdminDN(sslPrincipal)) {
             // PKI authenticated REST call
             User superuser = new User(sslPrincipal);
-            UserSubject subject = new UserSubjectImpl(threadPool, new org.opensearch.security.common.user.User(sslPrincipal));
+            UserSubject subject = new UserSubjectImpl(threadPool, superuser);
             threadContext.putPersistent(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER, subject);
             threadContext.putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, superuser);
             return true;
@@ -393,14 +393,7 @@ public boolean authenticate(final SecurityRequestChannel request) {
             final User effectiveUser = impersonatedUser == null ? authenticatedUser : impersonatedUser;
             threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, effectiveUser);
 
-            // TODO: The following artistry must be reverted when User class is completely moved to :opensearch-security-common
-            org.opensearch.security.common.user.User effUser = new org.opensearch.security.common.user.User(
-                effectiveUser.getName(),
-                effectiveUser.getRoles(),
-                null
-            );
-            effUser.setAttributes(effectiveUser.getCustomAttributesMap());
-            UserSubject subject = new UserSubjectImpl(threadPool, effUser);
+            UserSubject subject = new UserSubjectImpl(threadPool, effectiveUser);
             threadPool.getThreadContext().putPersistent(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER, subject);
         } else {
             if (isDebugEnabled) {
@@ -428,14 +421,7 @@ public boolean authenticate(final SecurityRequestChannel request) {
                 User anonymousUser = new User(User.ANONYMOUS.getName(), new HashSet<String>(User.ANONYMOUS.getRoles()), null);
                 anonymousUser.setRequestedTenant(tenant);
 
-                org.opensearch.security.common.user.User anonymousUserCommon = new org.opensearch.security.common.user.User(
-                    User.ANONYMOUS.getName(),
-                    new HashSet<>(User.ANONYMOUS.getRoles()),
-                    null
-                );
-                anonymousUserCommon.setRequestedTenant(tenant);
-
-                UserSubject subject = new UserSubjectImpl(threadPool, anonymousUserCommon);
+                UserSubject subject = new UserSubjectImpl(threadPool, anonymousUser);
 
                 threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, anonymousUser);
                 threadPool.getThreadContext().putPersistent(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER, subject);
