Fixes after rebase with main

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>

Author: DarshitChanpura

CHANGELOG.md

@@ -6,8 +6,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ## [Unreleased 3.x]
 
 ### Features
-### Added
-- [Resource Sharing] Adds a Resource Access Evaluator for standalone Resource access authorization ([#5408](https://github.com/opensearch-project/security/pull/5408))
 
 * Introduced new experimental versioned security configuration management feature ([#5357] (https://github.com/opensearch-project/security/pull/5357))
 * [Resource Sharing] Adds migrate API to move resource-sharing info to security plugin ([#5389](https://github.com/opensearch-project/security/pull/5389))
@@ -27,8 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 * Optimized performance for construction of internal action privileges data structure  ([#5470](https://github.com/opensearch-project/security/pull/5470))
 * Restricting query optimization via star tree index for users with queries on indices with DLS/FLS/FieldMasked restrictions ([#5492](https://github.com/opensearch-project/security/pull/5492))
 * Handle subject in nested claim for JWT auth backends ([#5467](https://github.com/opensearch-project/security/pull/5467))
-* Moved OpenSAML jars to a Shadow Jar configuration to facilitate its use in FIPS enabled environments ([#5400](https://github.com/opensearch-project/security/pull/5404))
-* [Resource Sharing] Adds a Resource Access Evaluator for standalone Resource access authorization ([#5408](https://github.com/opensearch-project/security/pull/5408))
+* [Resource Sharing] Adds a Share API to fetch and update sharing information ([#5459](https://github.com/opensearch-project/security/pull/5459))
 
 ### Bug Fixes
 
@@ -39,7 +36,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 * Fix usage of jwt_clock_skew_tolerance_seconds in HTTPJwtAuthenticator ([#5506](https://github.com/opensearch-project/security/pull/5506))
 * Always install demo certs if configured with demo certs ([#5517](https://github.com/opensearch-project/security/pull/5517))
 
-
 ### Refactoring
 
 * Refactor JWT Vendor to take a claims builder and rename oboEnabled to be enabled ([#5436](https://github.com/opensearch-project/security/pull/5436))
@@ -54,7 +50,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump `spring_version` from 6.2.7 to 6.2.9 ([#5403](https://github.com/opensearch-project/security/pull/5403), [#5493](https://github.com/opensearch-project/security/pull/5493))
 - Bump `stefanzweifel/git-auto-commit-action` from 5 to 6 ([#5401](https://github.com/opensearch-project/security/pull/5401))
 - Bump `com.github.spotbugs` from 5.2.5 to 6.2.3 ([#5409](https://github.com/opensearch-project/security/pull/5409), [#5450](https://github.com/opensearch-project/security/pull/5450), [#5474](https://github.com/opensearch-project/security/pull/5474), [#5536](https://github.com/opensearch-project/security/pull/5536))
-- Bump `com.github.spotbugs` from 5.2.5 to 6.2.1 ([#5409](https://github.com/opensearch-project/security/pull/5409), [#5450](https://github.com/opensearch-project/security/pull/5450))
 - Bump `org.codehaus.plexus:plexus-utils` from 3.3.0 to 3.6.0 ([#5429](https://github.com/opensearch-project/security/pull/5429))
 - Bump `net.bytebuddy:byte-buddy` from 1.17.5 to 1.17.6 ([#5427](https://github.com/opensearch-project/security/pull/5427))
 - Bump `io.dropwizard.metrics:metrics-core` from 4.2.32 to 4.2.33 ([#5428](https://github.com/opensearch-project/security/pull/5428))

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/SecurityDisabledTests.java

@@ -26,6 +26,7 @@
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.matcher.RestMatchers;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
@@ -129,7 +130,6 @@ public void testSamplePluginAPIs() {
     }
 
     private void assertNotImplementedResponse(TestRestClient.HttpResponse response, String msg) {
-        response.assertStatusCode(HttpStatus.SC_NOT_IMPLEMENTED);
-        assertThat(response.getTextFromJsonBody("/error/reason"), containsString(msg));
+        assertThat(response, RestMatchers.isMethodNotImplemented("/error/reason", msg));
     }
 }

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/revoke/RevokeResourceAccessRequest.java

@@ -19,8 +19,6 @@
 
 import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
 
-import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
-
 /**
  * Request object for revoking access to a sample resource
  */

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/share/ShareResourceRequest.java

@@ -19,8 +19,6 @@
 
 import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
 
-import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
-
 /**
  * Request object for sharing sample resource transport action
  */

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -1171,9 +1171,7 @@ public Collection<Object> createComponents(
             settings,
             privilegesInterceptor,
             cih,
-            irr,
-            resourcePluginInfo.getResourceIndices(),
-            rsIndexHandler
+            irr
         );
 
         dlsFlsBaseContext = new DlsFlsBaseContext(evaluator, threadPool.getThreadContext(), adminDns);

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -26,7 +26,6 @@
 
 package org.opensearch.security.privileges;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;

src/main/java/org/opensearch/security/resources/ResourceAccessHandler.java

@@ -39,6 +39,7 @@
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.support.WildcardMatcher;
 import org.opensearch.security.user.User;
+import org.opensearch.threadpool.ThreadPool;
 
 import reactor.util.annotation.NonNull;
 
@@ -59,12 +60,12 @@ public class ResourceAccessHandler {
 
     @Inject
     public ResourceAccessHandler(
-        final ThreadContext threadContext,
+        final ThreadPool threadPool,
         final ResourceSharingIndexHandler resourceSharingIndexHandler,
         AdminDNs adminDns,
         PrivilegesEvaluator evaluator
     ) {
-        this.threadContext = threadContext;
+        this.threadContext = threadPool.getThreadContext();
         this.resourceSharingIndexHandler = resourceSharingIndexHandler;
         this.adminDNs = adminDns;
         this.privilegesEvaluator = evaluator;

src/main/java/org/opensearch/security/transport/SecurityRequestHandler.java

@@ -114,18 +114,6 @@ protected void messageReceivedDecorate(
 
         String initialActionClassValue = getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_INITIAL_ACTION_CLASS_HEADER);
 
-        String userHdr = getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER_HEADER);
-
-        // restore a persistent user-subject from header, if null
-        if (getThreadContext().getPersistent(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER) == null && userHdr != null) {
-            User user = this.userFactory.fromSerializedBase64(userHdr);
-
-            getThreadContext().putPersistent(
-                ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER,
-                new UserSubjectImpl(getThreadPool(), user)
-            );
-        }
-
         final ThreadContext.StoredContext sgContext = getThreadContext().newStoredContext(false);
 
         final String originHeader = getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN_HEADER);