Module org.elasticsearch.security
Interface OperatorPrivileges.OperatorPrivilegesService
- All Known Implementing Classes:
OperatorPrivileges.DefaultOperatorPrivilegesService
- Enclosing class:
OperatorPrivileges
public static interface OperatorPrivileges.OperatorPrivilegesService
-
Method Summary
Modifier and TypeMethodDescriptioncheck(Authentication authentication, String action, TransportRequest request, ThreadContext threadContext) Check whether the user is an operator and whether the request is an operator-only.booleancheckRest(RestHandler restHandler, RestRequest restRequest, RestChannel restChannel, ThreadContext threadContext) Checks to see if a givenRestHandleris subject to operator-only restrictions for the REST API.voidmaybeInterceptRequest(ThreadContext threadContext, TransportRequest request) When operator privileges are enabled, certain requests needs to be configured in a specific way so that they respect operator only settings.voidmaybeMarkOperatorUser(Authentication authentication, ThreadContext threadContext) Set a ThreadContext HeaderAuthenticationField.PRIVILEGE_CATEGORY_KEYif authentication is an operator user.
-
Method Details
-
maybeMarkOperatorUser
Set a ThreadContext HeaderAuthenticationField.PRIVILEGE_CATEGORY_KEYif authentication is an operator user. -
check
ElasticsearchSecurityException check(Authentication authentication, String action, TransportRequest request, ThreadContext threadContext) Check whether the user is an operator and whether the request is an operator-only.- Returns:
- An exception if user is an non-operator and the request is operator-only. Otherwise returns null.
-
checkRest
boolean checkRest(RestHandler restHandler, RestRequest restRequest, RestChannel restChannel, ThreadContext threadContext) Checks to see if a givenRestHandleris subject to operator-only restrictions for the REST API. Any REST API may be fully or partially restricted. A fully restricted REST API mandates that the implementation results in restChannel.sendResponse(...) and return afalseto prevent any further processing. A partially restricted REST API mandates that theRestRequestis marked as restricted and returntrue. No restrictions should also returntrue.- Parameters:
restHandler- TheRestHandlerto check for any restrictionsrestRequest- TheRestRequestto check for any restrictions and mark any partially restricted REST API'srestChannel- TheRestChannelto enforce fully restricted REST API's- Returns:
trueif processing the request should continue,falseif processing the request should halt due to a fully restricted REST API
-
maybeInterceptRequest
When operator privileges are enabled, certain requests needs to be configured in a specific way so that they respect operator only settings. For an example, the restore snapshot request should not restore operator only states from the snapshot. This method is where that requests are configured when necessary.
-