Skip to content

Commit 0cd002d

Browse files
Add javadoc about ThreadContextPermission for stashWithOrigin and stashAndMergeHeaders (opensearch-project#15051) (opensearch-project#15055)
(cherry picked from commit 67a2e4c) Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 1defc37 commit 0cd002d

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

server/src/main/java/org/opensearch/common/util/concurrent/ThreadContext.java

+14
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,13 @@ public Writeable captureAsWriteable() {
215215
* For example, a user might not have permission to GET from the tasks index
216216
* but the tasks API will perform a get on their behalf using this method
217217
* if it can't find the task in memory.
218+
*
219+
* Usage of stashWithOrigin is guarded by a ThreadContextPermission. In order to use
220+
* stashWithOrigin, the codebase needs to explicitly be granted permission in the JSM policy file.
221+
*
222+
* Add an entry in the grant portion of the policy file like this:
223+
*
224+
* permission org.opensearch.secure_sm.ThreadContextPermission "stashWithOrigin";
218225
*/
219226
public StoredContext stashWithOrigin(String origin) {
220227
SecurityManager sm = System.getSecurityManager();
@@ -237,6 +244,13 @@ public StoredContext stashWithOrigin(String origin) {
237244
* Removes the current context and resets a new context that contains a merge of the current headers and the given headers.
238245
* The removed context can be restored when closing the returned {@link StoredContext}. The merge strategy is that headers
239246
* that are already existing are preserved unless they are defaults.
247+
*
248+
* Usage of stashAndMergeHeaders is guarded by a ThreadContextPermission. In order to use
249+
* stashAndMergeHeaders, the codebase needs to explicitly be granted permission in the JSM policy file.
250+
*
251+
* Add an entry in the grant portion of the policy file like this:
252+
*
253+
* permission org.opensearch.secure_sm.ThreadContextPermission "stashAndMergeHeaders";
240254
*/
241255
public StoredContext stashAndMergeHeaders(Map<String, String> headers) {
242256
SecurityManager sm = System.getSecurityManager();

0 commit comments

Comments
 (0)