HLRC: PutUserRequest should not be closeable (#34196)

jaymode · web-flow · commit 2e5945a5e9fb · 2018-10-02T10:10:32.000-06:00
The PutUserRequest implemented closeable as it assumed ownership of the password provided to the class. This change removes the ownership of the password, documents it in the javadoc, and removes the closeable implementation. Additionally, the intermediate bytes used for writing the password to XContent are now cleared. This makes the PutUserRequest consistent with the behavior discussed in #33509.
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutUserRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutUserRequest.java
@@ -25,7 +25,6 @@
 import org.elasticsearch.common.xcontent.ToXContentObject;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 
-import java.io.Closeable;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
@@ -37,7 +36,7 @@
 /**
  * Request object to create or update a user in the native realm.
  */
-public final class PutUserRequest implements Validatable, Closeable, ToXContentObject {
+public final class PutUserRequest implements Validatable, ToXContentObject {
 
     private final String username;
     private final List<String> roles;
@@ -48,6 +47,20 @@ public final class PutUserRequest implements Validatable, Closeable, ToXContentO
     private final boolean enabled;
     private final RefreshPolicy refreshPolicy;
 
+    /**
+     * Creates a new request that is used to create or update a user in the native realm.
+     *
+     * @param username the username of the user to be created or updated
+     * @param password the password of the user. The password array is not modified by this class.
+     *                 It is the responsibility of the caller to clear the password after receiving
+     *                 a response.
+     * @param roles the roles that this user is assigned
+     * @param fullName the full name of the user that may be used for display purposes
+     * @param email the email address of the user
+     * @param enabled true if the user is enabled and allowed to access elasticsearch
+     * @param metadata a map of additional user attributes that may be used in templating roles
+     * @param refreshPolicy the refresh policy for the request.
+     */
     public PutUserRequest(String username, char[] password, List<String> roles, String fullName, String email, boolean enabled,
                           Map<String, Object> metadata, RefreshPolicy refreshPolicy) {
         this.username = Objects.requireNonNull(username, "username is required");
@@ -114,13 +127,6 @@ public int hashCode() {
         return result;
     }
 
-    @Override
-    public void close() {
-        if (password != null) {
-            Arrays.fill(password, (char) 0);
-        }
-    }
-
     @Override
     public Optional<ValidationException> validate() {
         if (metadata != null && metadata.keySet().stream().anyMatch(s -> s.startsWith("_"))) {
@@ -137,7 +143,11 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
         builder.field("username", username);
         if (password != null) {
             byte[] charBytes = CharArrays.toUtf8Bytes(password);
-            builder.field("password").utf8Value(charBytes, 0, charBytes.length);
+            try {
+                builder.field("password").utf8Value(charBytes, 0, charBytes.length);
+            } finally {
+                Arrays.fill(charBytes, (byte) 0);
+            }
         }
         if (roles != null) {
             builder.field("roles", roles);
