Ensure that other url params stay unredacted

Signed-off-by: Craig Perkins <[email protected]>

src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java

@@ -101,12 +101,12 @@ public void shouldAuthenticateWithJwtTokenInUrl_positive() {
         Header jwtToken = tokenFactory.generateValidToken(ADMIN_USER.getName());
         String jwtTokenValue = jwtToken.getValue();
         try (TestRestClient client = cluster.getRestClient()) {
-            HttpResponse response = client.getAuthInfo(Map.of(TOKEN_URL_PARAM, jwtTokenValue));
+            HttpResponse response = client.getAuthInfo(Map.of(TOKEN_URL_PARAM, jwtTokenValue, "verbose", "true"));
 
             response.assertStatusCode(200);
             String username = response.getTextFromJsonBody(POINTER_USERNAME);
             assertThat(username, equalTo(ADMIN_USER.getName()));
-            Map<String, String> expectedParams = Map.of("token", "REDACTED");
+            Map<String, String> expectedParams = Map.of("token", "REDACTED", "verbose", "true");
 
             auditLogsRule.assertExactlyOne(
                 userAuthenticated(ADMIN_USER).withRestRequest(GET, "/_opendistro/_security/authinfo").withRestParams(expectedParams)

src/main/java/org/opensearch/security/auth/BackendRegistry.java

@@ -77,6 +77,7 @@ public class BackendRegistry {
     protected final Logger log = LogManager.getLogger(this.getClass());
     private SortedSet<AuthDomain> restAuthDomains;
     private Set<AuthorizationBackend> restAuthorizers;
+
     private List<AuthFailureListener> ipAuthFailureListeners;
     private Multimap<String, AuthFailureListener> authBackendFailureListeners;
     private List<ClientBlockRegistry<InetAddress>> ipClientBlockRegistries;
@@ -180,8 +181,6 @@ public void onDynamicConfigModelChanged(DynamicConfigModel dcm) {
         ipClientBlockRegistries = dcm.getIpClientBlockRegistries();
         authBackendClientBlockRegistries = dcm.getAuthBackendClientBlockRegistries();
 
-        SortedSet<AuthDomain> authDomains = Collections.unmodifiableSortedSet(dcm.getRestAuthDomains());
-
         // OpenSearch Security no default authc
         initialized = !restAuthDomains.isEmpty() || anonymousAuthEnabled || injectedUserEnabled;
     }

src/main/java/org/opensearch/security/rest/SecurityInfoAction.java

@@ -88,6 +88,7 @@ public List<Route> routes() {
 
     @Override
     protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
+        final boolean verbose = request.paramAsBoolean("verbose", false);
         return new RestChannelConsumer() {
 
             @Override
@@ -97,8 +98,6 @@ public void accept(RestChannel channel) throws Exception {
 
                 try {
 
-                    final boolean verbose = request.paramAsBoolean("verbose", false);
-
                     final X509Certificate[] certs = threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_SSL_PEER_CERTIFICATES);
                     final User user = threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
                     final TransportAddress remoteAddress = threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS);